CVE-2017-13720(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13720): In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. Bug Reference:https://bugzilla.redhat.com/show_bug.cgi?id=1500690 Upstream Patch: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 CVE-2017-13722(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13722): In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. Bug Reference:https://bugzilla.redhat.com/show_bug.cgi?id=1500693 Upstream Patch: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd @maintainer(s), proceed as necessary, call stabilization when ready. Thank you. Gentoo Security Padawan Daj Uan (jmbailey/mbailey_j)
Note that libXfont and libXfont2 are two different packages here.
commit 24a749d3dbff9d0697ad6ab5b86469eb3fd265be Author: Manuel Rüger <mrueg@gentoo.org> Date: Wed Oct 11 22:18:29 2017 +0200 x11-libs/libXfont2: Version bump to 2.0.2 Package-Manager: Portage-2.3.11, Repoman-2.3.3
(and we have libXfont package still in tree too, to be patched or something..).. so... separate bugs with a tracker?
(In reply to Manuel Rüger from comment #2) >x11-libs/libXfont2: Version bump to 2.0.2 > Package-Manager: Portage-2.3.11, Repoman-2.3.3 ...that was fast, thank you. Call stable when ready, please.
Please proceed :)
Meh, this should have been separated.
ppc/ppc64 stable
x86 stable Adding missing architectures.
amd64 stable
hppa stable
ia64 stable
tatt report for sparc: USE='-bzip2 -doc -ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc ipv6 -static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='bzip2 -doc -ipv6 static-libs -truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc -ipv6 static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='bzip2 -doc -ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 doc ipv6 -static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc -ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 doc -ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont2-2.0.2 USE='bzip2 doc ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) FEATURES= test succeeded for =x11-libs/libXfont2-2.0.2 USE='-bzip2 -doc -ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 doc -ipv6 -static-libs -truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 -static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc -ipv6 static-libs -truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 -static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='-bzip2 doc ipv6 -static-libs truetype' : REQUIRED_USE not satisfied (probably) USE='-bzip2 -doc -ipv6 static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 -doc ipv6 static-libs truetype' succeeded for =x11-libs/libXfont-1.5.3 USE='bzip2 doc ipv6 static-libs truetype' : REQUIRED_USE not satisfied (probably) FEATURES= test succeeded for =x11-libs/libXfont-1.5.3 FEATURES= test USE=' ' succeeded for x11-base/xorg-server FEATURES= test USE=' ' succeeded for x11-apps/bdftopcf FEATURES= test USE='server ' succeeded for net-misc/tigervnc FEATURES= test USE=' ' succeeded for x11-base/xorg-server
sparc stable, thanks to Rolf Eike Beer
Stable on alpha.
@ Maintainer(s): Stabilization is complete, please clean the vulnerable versions from the tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b61b085c5df9cebc1b7ca642fa5864b8ab743ddf commit b61b085c5df9cebc1b7ca642fa5864b8ab743ddf Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:23:55 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 x11-libs/libXfont2: Drop vulnerable version Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont2/Manifest | 1 - x11-libs/libXfont2/libXfont2-2.0.1.ebuild | 33 ------------------------------- 2 files changed, 34 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4 commit 252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:23:25 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 x11-libs/libXfont: Drop vulnerable version Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont/Manifest | 1 - x11-libs/libXfont/libXfont-1.5.2.ebuild | 34 --------------------------------- 2 files changed, 35 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c1c02b4b226877cc1ea12bd46b2325472ac7410 commit 7c1c02b4b226877cc1ea12bd46b2325472ac7410 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-08 23:36:14 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-08 23:37:09 +0000 package.mask: Mask vulnerable versions of libXfont Bug: https://bugs.gentoo.org/634044 profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+)}
WTF. Somehow arm@ never got added.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81db985d3c8042f98860e51f8e577adc92dac8c2 commit 81db985d3c8042f98860e51f8e577adc92dac8c2 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-09 01:37:18 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-09 01:38:05 +0000 Revert "x11-libs/libXfont: Drop vulnerable version" This reverts commit 252fdf82acdd1c6b9187e3b76c75e96e58dcd7e4. arm is not done yet. Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont/Manifest | 1 + x11-libs/libXfont/libXfont-1.5.2.ebuild | 34 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aecc9566af962c283b3ef0ac98b28817f7f90d06 commit aecc9566af962c283b3ef0ac98b28817f7f90d06 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2017-11-09 01:37:11 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2017-11-09 01:37:34 +0000 Revert "x11-libs/libXfont2: Drop vulnerable version" This reverts commit b61b085c5df9cebc1b7ca642fa5864b8ab743ddf. arm is not done yet. Bug: https://bugs.gentoo.org/634044 x11-libs/libXfont2/Manifest | 1 + x11-libs/libXfont2/libXfont2-2.0.1.ebuild | 33 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+)}
This issue was resolved and addressed in GLSA 201711-08 at https://security.gentoo.org/glsa/201711-08 by GLSA coordinator Aaron Bauman (b-man).
re-opened for arm and cleanup.
arm stable
Vulnerable versions removed.