Ubuntu Security Notice USN-3442-1

Ubuntu Security Notice USN-3442-1: Posted Oct 10, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3442-1 - It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.; tags | advisory, denial of service, local; systems | linux, ubuntu; advisories | CVE-2017-13720, CVE-2017-13722; SHA-256 | 30b27a28193951828312148232f8c01ea200f256709d21af384a940152c4fe92; Download | Favorite | View

Ubuntu Security Notice USN-3442-1

==========================================================================
Ubuntu Security Notice USN-3442-1
October 10, 2017

libxfont, libxfont1, libxfont2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libXfont.

Software Description:
- libxfont: X11 font rasterisation library
- libxfont1: X11 font rasterisation library
- libxfont2: X11 font rasterisation library

Details:

It was discovered that libXfont incorrectly handled certain patterns in
PatternMatch. A local attacker could use this issue to cause libXfont to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2017-13720)

It was discovered that libXfont incorrectly handled certain malformed PCF
files. A local attacker could use this issue to cause libXfont to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2017-13722)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libxfont1                       1:1.5.2-4ubuntu0.1
  libxfont2                       1:2.0.1-3ubuntu0.1

Ubuntu 16.04 LTS:
  libxfont1                       1:1.5.1-1ubuntu0.16.04.3
  libxfont2                       1:2.0.1-3~ubuntu16.04.2

Ubuntu 14.04 LTS:
  libxfont1                       1:1.4.7-1ubuntu0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3442-1
  CVE-2017-13720, CVE-2017-13722

Package Information:
  https://launchpad.net/ubuntu/+source/libxfont/1:2.0.1-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxfont1/1:1.5.2-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/libxfont/1:1.5.1-1ubuntu0.16.04.3
  https://launchpad.net/ubuntu/+source/libxfont2/1:2.0.1-3~ubuntu16.04.2
  https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.3

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 90 files
indoushka 54 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 13 files
Gentoo 11 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,087)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,608)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,726)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

Ubuntu Security Notice USN-3442-1

Ubuntu Security Notice USN-3442-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-3442-1

Share This

Ubuntu Security Notice USN-3442-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems