Lucene search

DebianDEBIAN:DLA-1126-1:5E693

HistoryOct 07, 2017 - 9:06 a.m.

[SECURITY] [DLA 1126-1] libxfont security update

2017-10-0709:06:50

lists.debian.org

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Package : libxfont
Version : 1:1.4.5-5+deb7u1
CVE IDs : CVE-2017-13720 CVE-2017-13722

It was discovered that there two vulnerabilities the library providing
font selection and rasterisation, libxfont:

CVE-2017-13720: If a pattern contained a '?' character any character
in the string is skipped even if it was a '\0'. The rest of the
matching then read invalid memory.
CVE-2017-13722: A malformed PCF file could cause the library to make
reads from random heap memory that was behind the strings buffer,
leading to an application crash or a information leak.

For Debian 7 "Wheezy", this issue has been fixed in libxfont version
1:1.4.5-5+deb7u1.

We recommend that you upgrade your libxfont packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian7amd64libxfont-dev< 1:1.4.5-5+deb7u1libxfont-dev_1:1.4.5-5+deb7u1_amd64.deb
Debian7armhflibxfont-dev< 1:1.4.5-5+deb7u1libxfont-dev_1:1.4.5-5+deb7u1_armhf.deb
Debian7i386libxfont-dev< 1:1.4.5-5+deb7u1libxfont-dev_1:1.4.5-5+deb7u1_i386.deb
Debian7armellibxfont-dev< 1:1.4.5-5+deb7u1libxfont-dev_1:1.4.5-5+deb7u1_armel.deb
Debian7armhflibxfont1-udeb< 1:1.4.5-5+deb7u1libxfont1-udeb_1:1.4.5-5+deb7u1_armhf.deb
Debian7amd64libxfont1< 1:1.4.5-5+deb7u1libxfont1_1:1.4.5-5+deb7u1_amd64.deb
Debian7armellibxfont1-udeb< 1:1.4.5-5+deb7u1libxfont1-udeb_1:1.4.5-5+deb7u1_armel.deb
Debian7i386libxfont1-udeb< 1:1.4.5-5+deb7u1libxfont1-udeb_1:1.4.5-5+deb7u1_i386.deb
Debian7armellibxfont1< 1:1.4.5-5+deb7u1libxfont1_1:1.4.5-5+deb7u1_armel.deb
Debian7i386libxfont1< 1:1.4.5-5+deb7u1libxfont1_1:1.4.5-5+deb7u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	libxfont-dev	< 1:1.4.5-5+deb7u1	libxfont-dev_1:1.4.5-5+deb7u1_amd64.deb
Debian	7	armhf	libxfont-dev	< 1:1.4.5-5+deb7u1	libxfont-dev_1:1.4.5-5+deb7u1_armhf.deb
Debian	7	i386	libxfont-dev	< 1:1.4.5-5+deb7u1	libxfont-dev_1:1.4.5-5+deb7u1_i386.deb
Debian	7	armel	libxfont-dev	< 1:1.4.5-5+deb7u1	libxfont-dev_1:1.4.5-5+deb7u1_armel.deb
Debian	7	armhf	libxfont1-udeb	< 1:1.4.5-5+deb7u1	libxfont1-udeb_1:1.4.5-5+deb7u1_armhf.deb
Debian	7	amd64	libxfont1	< 1:1.4.5-5+deb7u1	libxfont1_1:1.4.5-5+deb7u1_amd64.deb
Debian	7	armel	libxfont1-udeb	< 1:1.4.5-5+deb7u1	libxfont1-udeb_1:1.4.5-5+deb7u1_armel.deb
Debian	7	i386	libxfont1-udeb	< 1:1.4.5-5+deb7u1	libxfont1-udeb_1:1.4.5-5+deb7u1_i386.deb
Debian	7	armel	libxfont1	< 1:1.4.5-5+deb7u1	libxfont1_1:1.4.5-5+deb7u1_armel.deb
Debian	7	i386	libxfont1	< 1:1.4.5-5+deb7u1	libxfont1_1:1.4.5-5+deb7u1_i386.deb