Your submission was sent successfully! Close

USN-3500-1: libXfont vulnerability

29 November 2017

libXfont could be made to access arbitrary files, including special device files.

Releases

Packages

Details

It was discovered that libXfont incorrectly followed symlinks when opening
font files. A local unprivileged user could use this issue to cause the X
server to access arbitrary files, including special device files.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04
Ubuntu 14.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

References