Main Vulnerability Database SB2017112813

SB2017112813 - Privilege escalation in libxfont

Published: November 28, 2017 Updated: December 4, 2017

Security Bulletin ID SB2017112813

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-16611)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper privileges control. A local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Remediation

Install update from vendor's website.

References

https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2