[SECURITY] [DLA 2901-1] libxfont security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2901-1] libxfont security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 25 Jan 2022 22:20:04 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2201252219120.27264@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2901-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
January 25, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxfont
Version        : 1:2.0.1-3+deb9u2
CVE ID         : CVE-2017-16611


n issue has been found in libxfont, an X11 font rasterisation library.

By creating symlinks, a local attacker can open (but not read) local filesas user root. This might create unwanted actions with special files like/dev/watchdog.



For Debian 9 stretch, this problem has been fixed in version
1:2.0.1-3+deb9u2.

We recommend that you upgrade your libxfont packages.

For the detailed security status of libxfont please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxfont

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmHwd5RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEf25w/9FewnRby8l//fXBTG8JfK4Zs3HMaPQ3WYlPYN3rDm/iCafshjQo18r0o7
/IkkXWKdIClhiLQL4H5R407oEF5zM5QdCcV30gwEv+pyeXgPio0yH0AQKiqi8LAm
iwicYrXciusRd6dDeM4sIR4LCKef4/L5g0hH9ItmgbLyl5SI0a7ioQDV/auDE80F
hfpeb2fz3xOFbcaHwcuCpRpZqtTtrj2NwZQQIM/8eyuPkGNdjGWDQTU+vh5w/sBp
9vaEHZLL23HSFSr0S/tFYt8Q64ZtgNz3iUyXnbmL2g8S8WfJbCcWa9lHmVuPwccd
FcuIEDNQSH2UQWscuoopr5jnyn/R06KQQhX0K7FkLO0q000MtDNemeTkjYTD12wL
2HnPukXsBra7eG4OJQByHWZ+j+MCnBT9kix7lHS9ROAt29HD8CqDFUhWhIoi6+PX
nGoiWSrp3FoOIglih+arQddPr6VS2nUD/uW42wdQS53TidY+Xiwcjhq1N0oHvEsz
jotolZ7RSRW4Hw/Ty43L5uLnvVcljQkAuqBGpzkyo9+L2QRNyA6PDFhoeZdoC81k
V7WbTI4EVujHbWxl2eAIXAIN8Kkv8qQArpo2QN03XVIgqvjjyjx3EELWf3HIfpVR
TH0rY73Zp6jxI+IOqs61lzvps0Q/36y8GXzp3kwTcNffhoOOS1E=
=K8Zl
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2900-1] lrzsz security update
Next by Date: [SECURITY] [DLA 2883-2] uriparser security update
Previous by thread: [SECURITY] [DLA 2900-1] lrzsz security update
Next by thread: [SECURITY] [DLA 2883-2] uriparser security update
Index(es):
- Date
- Thread