
Security vulnerabilities in the libxfont software library

==========================================================================
Ubuntu Security Notice USN-3442-1
October 10, 2017

libxfont, libxfont1, libxfont2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libXfont.

Software Description:
– libxfont: X11 font rasterisation library
– libxfont1: X11 font rasterisation library
– libxfont2: X11 font rasterisation library

Details:

It was discovered that libXfont incorrectly handled certain patterns in
PatternMatch. A local attacker could use this issue to cause libXfont to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2017-13720)

It was discovered that libXfont incorrectly handled certain malformed PCF
files. A local attacker could use this issue to cause libXfont to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2017-13722)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libxfont1 1:1.5.2-4ubuntu0.1
libxfont2 1:2.0.1-3ubuntu0.1

Ubuntu 16.04 LTS:
libxfont1 1:1.5.1-1ubuntu0.16.04.3
libxfont2 1:2.0.1-3~ubuntu16.04.2

Ubuntu 14.04 LTS:
libxfont1 1:1.4.7-1ubuntu0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3442-1
CVE-2017-13720, CVE-2017-13722

Package Information:
https://launchpad.net/ubuntu/+source/libxfont/1:2.0.1-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont1/1:1.5.2-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libxfont/1:1.5.1-1ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/libxfont2/1:2.0.1-3~ubuntu16.04.2
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.3
