CVE-2017-16611

Priority
Medium
Description
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can
open (but not read) files on the system as root, triggering tape rewinds,
watchdogs, or similar mechanisms that can be triggered by opening files.
References
Assigned-to
mdeslaur
Package
Upstream:released (1.5.4,2.0.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:1.4.7-1ubuntu0.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:1.5.1-1ubuntu0.16.04.4)
Ubuntu 17.04 (Zesty Zapus):released (1:2.0.1-3ubuntu0.2)
Ubuntu 17.10 (Artful Aardvark):released (1:2.0.1-3ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.0.1-4ubuntu1)
Patches:
Upstream:https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 (2.0)
Upstream:https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825 (1.5)
Package
Upstream:released (1.5.4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):released (1:1.5.2-4ubuntu0.2)
Ubuntu 17.10 (Artful Aardvark):released (1:1.5.2-4ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:1.5.2-4ubuntu2)
Package
Upstream:released (2.0.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.0.1-3~ubuntu16.04.3)
Ubuntu 17.04 (Zesty Zapus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2017-12-15 20:35:44 UTC (commit 13913)