CLD-155 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-16611 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) xorg-libraries
Deficiency Type SECURITY
Date Created 2017-11-28 10:33:28
Date Last Modified 2017-11-28 11:53:50

Version Specific Information:

Cucumber 1.0 i686fixed in xorg-libraries-7.7-i686-4
Cucumber 1.0 x86_64fixed in xorg-libraries-7.7-x86_64-4 and xorg-libraries-lib_i686-7.7-lib_i686-4

Cucumber 1.1 i686 fixed in xorg-libraries-7.7-i686-4
Cucumber 1.1 x86_64 fixed in xorg-libraries-7.7-x86_64-4 and xorg-libraries-lib_i686-7.7-lib_i686-4


================================ Initial Report ================================

From Openwall (


X.Org has just release libXfont 1.5.4 and libXfont2 2.0.3 which
contain the following security fix:

Author:     Michal Srb 
AuthorDate: Thu Oct 26 09:48:13 2017 +0200
Commit:     Matthieu Herrb 
CommitDate: Sat Nov 25 11:46:50 2017 +0100

    Open files with O_NOFOLLOW. (CVE-2017-16611)

    A non-privileged X client can instruct X server running under root
    to open any file by creating own directory with "fonts.dir",
    "fonts.alias" or any font file being a symbolic link to any other
    file in the system. X server will then open it. This can be issue
    with special files such as /dev/watchdog.
Matthieu Herrb

================================= Our Analysis =================================

----- Fix for this Vulnerability -----
This vulnerability was fixed by the Xorg developers in commit 
which has been applied in release 1.5.4 of libXfont.

----- Affected Products -----
Any systems using a version of libXfont prior to 1.5.4 that have not applied
the aforementioned patch are vulnerable to this vulnerability. This includes
Cucumber Linux 1.0 and 1.1 (as of Tue Nov 28 11:22:08 EST 2017) since they both
use libXfont 1.5.1.

----- Scope and Impact of this Vulnerability -----
It appears that this vulnerability can result in information disclosure. It
allows for an unprivileged user to open an arbitrary file as root.

================================= Our Solution =================================

We have patched this vulnerability by applying the upstream patch
to the xorg-libraries package (effective in xorg-libraries-7.7-i686-4). It
worked without modification.