LibXfont, LibXfont2: Multiple vulnerabilities — GLSA 201711-08

Multiple vulnerabilities have been found in LibXfont and Libxfont2, the worst of which could allow attackers to cause a Denial of Service condition.

Affected packages

x11-libs/libXfont2 on all architectures
Affected versions < 2.0.2
Unaffected versions >= 2.0.2
x11-libs/libXfont on all architectures
Affected versions < 1.5.3
Unaffected versions >= 1.5.3

Background

X.Org Xfont library

Description

Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details.

Impact

Local attackers could obtain sensitive information or possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All LibXfont2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont2-2.0.2"
 

All LibXfont users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.3"
 

References

Release date
November 11, 2017

Latest revision
November 11, 2017: 1

Severity
normal

Exploitable
local

Bugzilla entries