LibXfont, LibXfont2: Arbitrary file access

LibXfont, LibXfont2: Arbitrary file access A vulnerability has been found in LibXfont and LibXfont2 which may allow for arbitrary file access. LibXfont, LibXfont2 2018-01-08 2018-01-08 639064 local 1.5.4 1.5.4 2.0.3 2.0.3

X.Org Xfont library.

It was discovered that libXfont incorrectly followed symlinks when opening font files.

A local unprivileged user could use this flaw to cause the X server to access arbitrary files, including special device files.

There is no known workaround at this time.

All LibXfont users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.5.4"

All LibXfont2 users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=x11-libs/libXfont2-2.0.3"

CVE-2017-16611 jmbailey jmbailey