
Update libxfont to 1.5.4 to address CVE-2017-16611
Closed, Public

Authored by kyrios123 on Nov 28 2017, 8:10 PM.

Details

Summary

Open files with O_NOFOLLOW. (CVE-2017-16611)

A non-privileged X client can instruct an X server running under root to open any file by creating its own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog.

Signed-off-by: Pierre-Yves <pyu@riseup.net>
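
The behaviour the summary relies on, as an added example that is not part of this revision or of libXfont's code: a constructed directory whose "fonts.dir" is a symbolic link is opened once without and once with O_NOFOLLOW. The helper names and the /tmp path are assumptions made for the example, and the ELOOP result is the Linux behaviour.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helpers for this example; not libXfont functions. */
static int open_following(const char *p) { return open(p, O_RDONLY); }

/* O_NOFOLLOW only refuses a symlink in the FINAL path component;
 * symlinked parent directories are still traversed. */
static int open_nofollow(const char *p) { return open(p, O_RDONLY | O_NOFOLLOW); }

/* Builds a constructed font directory whose "fonts.dir" is a symlink and
 * records how each open mode treats it. Returns 0 if the setup worked. */
int run_demo(int *plain_opened, int *nofollow_errno)
{
    char dir[] = "/tmp/fontdir-XXXXXX";   /* constructed sample path */
    char target[64], lnk[64];
    int fd, rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.dir", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && close(fd) == 0 && symlink(target, lnk) == 0) {
        fd = open_following(lnk);           /* symlink is followed */
        *plain_opened = (fd >= 0);
        if (fd >= 0) close(fd);

        fd = open_nofollow(lnk);            /* Linux: fails with ELOOP */
        *nofollow_errno = (fd < 0) ? errno : 0;
        if (fd >= 0) close(fd);
        rc = 0;
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return rc;
}

int main(void)
{
    int plain = 0, err = 0;
    if (run_demo(&plain, &err) != 0) { perror("setup"); return 1; }
    printf("plain open succeeded: %d\n", plain);
    printf("O_NOFOLLOW open errno: %d (ELOOP=%d)\n", err, ELOOP);
    return 0;
}
```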

Test Plan

Rebuild xorg-server and bdftopcf against this version

Diff Detail

Repository
R1923 libxfont
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage