- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: LibXfont, LibXfont2: Multiple vulnerabilities Date: November 11, 2017 Bugs: #634044 ID: 201711-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in LibXfont and Libxfont2, the worst of which could allow attackers to cause a Denial of Service condition. Background ========== X.Org Xfont library Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 x11-libs/libXfont2 < 2.0.2 >= 2.0.2 2 x11-libs/libXfont < 1.5.3 >= 1.5.3 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in LibXfont and LibXfont2. Please review the referenced CVE identifiers for details. Impact ====== Local attackers could obtain sensitive information or possibly cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All LibXfont2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libXfont2-2.0.2" All LibXfont users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.3" References ========== [ 1 ] CVE-2017-13720 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13720 [ 2 ] CVE-2017-13722 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13722 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201711-08 Concerns?