libXfont: Changes to 'libXfont-1.5-branch'
Matthieu Herrb
herrb at kemper.freedesktop.org
Tue Nov 28 14:27:34 UTC 2017
src/fontfile/dirfile.c | 25 ++++++++++++++++++++++---
src/fontfile/fileio.c | 5 ++++-
2 files changed, 26 insertions(+), 4 deletions(-)
New commits:
commit 5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
Author: Michal Srb <msrb at suse.com>
Date: Thu Oct 26 09:48:13 2017 +0200
Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct an X server running under root to open any
file by creating its own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. The X server will then open
it. This can be an issue with special files such as /dev/watchdog.
Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>
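The mitigation named in the commit subject, shown as an added example (not code from the libXfont commit): opening with O_NOFOLLOW makes the open fail when the final path component is a symbolic link. The helper name `open_nofollow`, the demo function and the temporary directory are assumptions made for illustration; the ELOOP error code is the Linux behaviour.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not libXfont's API): open a file read-only and refuse
 * a symlink in the final path component (open() fails with ELOOP on Linux). */
FILE *open_nofollow(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    FILE *f = fdopen(fd, "r");
    if (!f)
        close(fd);
    return f;
}

/* Constructed scenario: a client-supplied directory with a real "fonts.dir"
 * and a "fonts.alias" that is a symlink to it. Returns 1 when the regular
 * file opens and the symlink is refused with ELOOP, 0 otherwise. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char real[64], lnk[64];
    int ok = 0;

    if (!mkdtemp(dir))
        return 0;
    snprintf(real, sizeof real, "%s/fonts.dir", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.alias", dir);
    FILE *w = fopen(real, "w");
    if (w && fclose(w) == 0 && symlink(real, lnk) == 0) {
        FILE *a = open_nofollow(real);   /* regular file: expected to open */
        errno = 0;
        FILE *b = open_nofollow(lnk);    /* symlink: expected NULL + ELOOP */
        ok = (a != NULL && b == NULL && errno == ELOOP);
        if (a) fclose(a);
        if (b) fclose(b);
    }
    unlink(lnk); unlink(real); rmdir(dir);
    return ok;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

O_NOFOLLOW only checks the last path component, so symlinks in intermediate directories are still followed.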