PublicDateAtUSN: 2017-11-28
Candidate: CVE-2017-16611
PublicDate: 2017-12-01 17:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
 http://www.openwall.com/lists/oss-security/2017/11/28/7
 https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
 https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
 https://ubuntu.com/security/notices/USN-3500-1
Description:
 In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can
 open (but not read) files on the system as root, triggering tape rewinds,
 watchdogs, or similar mechanisms that can be triggered by opening files.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libxfont:
 upstream: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 (2.0)
 upstream: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825 (1.5)
upstream_libxfont: released (1.5.4,2.0.3)
precise/esm_libxfont: DNE
trusty_libxfont: released (1:1.4.7-1ubuntu0.4)
trusty/esm_libxfont: released (1:1.4.7-1ubuntu0.4)
xenial_libxfont: released (1:1.5.1-1ubuntu0.16.04.4)
esm-infra/xenial_libxfont: released (1:1.5.1-1ubuntu0.16.04.4)
zesty_libxfont: released (1:2.0.1-3ubuntu0.2)
artful_libxfont: released (1:2.0.1-3ubuntu1.1)
devel_libxfont: released (1:2.0.1-4ubuntu1)

Patches_libxfont1:
upstream_libxfont1: released (1.5.4)
precise/esm_libxfont1: DNE
trusty_libxfont1: DNE
trusty/esm_libxfont1: DNE
xenial_libxfont1: DNE
zesty_libxfont1: released (1:1.5.2-4ubuntu0.2)
artful_libxfont1: released (1:1.5.2-4ubuntu1.1)
devel_libxfont1: released (1:1.5.2-4ubuntu2)

Patches_libxfont2:
upstream_libxfont2: released (2.0.3)
precise/esm_libxfont2: DNE
trusty_libxfont2: DNE
trusty/esm_libxfont2: DNE
xenial_libxfont2: released (1:2.0.1-3~ubuntu16.04.3)
esm-infra/xenial_libxfont2: released (1:2.0.1-3~ubuntu16.04.3)
zesty_libxfont2: DNE
artful_libxfont2: DNE
devel_libxfont2: DNE