Re: [PATCH] libxfont: CVE-2017-13720, CVE-2017-13722

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
To: Catalin Enache <catalin.enache@windriver.com>,
	openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] libxfont: CVE-2017-13720, CVE-2017-13722
Date: Wed, 1 Nov 2017 19:07:33 +0200	[thread overview]
Message-ID: <1ce6fd9f-8a06-e64e-990a-295da4c17481@linux.intel.com> (raw)
In-Reply-To: <1509553729-22718-1-git-send-email-catalin.enache@windriver.com>

On 11/01/2017 06:28 PM, Catalin Enache wrote:
> In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2
> and 2.x before 2.0.2, an attacker with access to an X connection can cause
> a buffer over-read during pattern matching of fonts, leading to information
> disclosure or a crash (denial of service). This occurs because '\0'
> characters are incorrectly skipped in situations involving ? characters.
> 
> In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2
> and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used
> by local attackers authenticated to an Xserver for a buffer over-read, for
> information disclosure or a crash of the X server.

If both 1.x and 2.x are vulnerable, you should update them both (not 
just 1.x). Also, it's better to update to a version that is not 
vulnerable, rather than backport patches.

Alex

next prev parent reply	other threads:[~2017-11-01 17:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-01 16:28 [PATCH] libxfont: CVE-2017-13720, CVE-2017-13722 Catalin Enache
2017-11-01 17:07 ` Alexander Kanavin [this message]
2017-11-03 17:50   ` Randy MacLeod

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1ce6fd9f-8a06-e64e-990a-295da4c17481@linux.intel.com \
    --to=alexander.kanavin@linux.intel.com \
    --cc=catalin.enache@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox