Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Debian: DLA-2901-1 Moderate: Libxfont Local File Access Threat

debian lts
Calendar Grey January 25, 2022
Dist Debian Esm H88
Debian LTS Advisory DLA-2902-1 tackles local directory traversal flaw in libgraphics. Urgent upgrade is advised.
n issue has been found in libxfont, an X11 font rasterisation library
Topics%20covered

Topics Covered

security advisory debian local file access libxfont X11 library

Summary

n issue has been found in libxfont, an X11 font rasterisation library.
By creating symlinks, a local attacker can open (but not read) local files
as user root. This might create unwanted actions with special files like
/dev/watchdog.


For Debian 9 stretch, this problem has been fixed in version
1:2.0.1-3+deb9u2.

We recommend that you upgrade your libxfont packages.

For the detailed security status of libxfont please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxfont

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Package: libxfont
Version: 1:2.0.1-3+deb9u2
CVE ID: CVE-2017-16611

Topics%20covered

Topics Covered

security advisory debian local file access libxfont X11 library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here