ALT-PU-2017-2733-1
Closed vulnerabilities
Published: 2017-11-06
BDU:2022-06035
Уязвимость библиотеки LibXfont, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-12-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-16611
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- http://security.cucumberlinux.com/security/details.php?id=155
- http://security.cucumberlinux.com/security/details.php?id=155
- [oss-security] 20171128 CVE-2017-16611 libXfont Open files with O_NOFOLLOW
- [oss-security] 20171128 CVE-2017-16611 libXfont Open files with O_NOFOLLOW
- USN-3500-1
- USN-3500-1
- https://bugzilla.suse.com/show_bug.cgi?id=1050459
- https://bugzilla.suse.com/show_bug.cgi?id=1050459
- [debian-lts-announce] 20220125 [SECURITY] [DLA 2901-1] libxfont security update
- [debian-lts-announce] 20220125 [SECURITY] [DLA 2901-1] libxfont security update
- [freedesktop-xorg-announce] 20171128 libXfont2 2.0.3
- [freedesktop-xorg-announce] 20171128 libXfont2 2.0.3
- [freedesktop-xorg-announce] 20171128 libXfont 1.5.4
- [freedesktop-xorg-announce] 20171128 libXfont 1.5.4
- GLSA-201801-10
- GLSA-201801-10