CLD-72 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | xorg-libraries |
Deficiency Type | SECURITY |
Date Created | 2017-10-10 17:49:13 |
Date Last Modified | 2017-10-11 11:30:20 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in xorg-libraries-7.7-i686-3 |
Cucumber 1.0 x86_64 | fixed in xorg-libraries-7.7-x86_64-3 and xorg-libraries-lib_i686-7.7-lib_i686-3 |
Cucumber 1.1 i686 | fixed in xorg-libraries-7.7-i686-3 |
Cucumber 1.1 x86_64 | fixed in xorg-libraries-7.7-x86_64-3 and xorg-libraries-lib_i686-7.7-lib_i686-3 |
Details:
This vulnerability was originally reported by the Debian security team in
DSA 3995-1, along with CVE-2017-13722. They claim the following:
Two vulnerabilities were found in libXfont, the X11 font rasterisation library,
which could result in denial of service or memory disclosure
(https://www.debian.org/security/2017/dsa-3995).
The Xorg developers released a patch and had this to say:
If a pattern contains '?' character, any character in the string is skipped,
even if it is '\0'. The rest of the matching then reads invalid memory
(https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608).
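
The behaviour the Xorg developers describe can be reproduced with a simplified matcher. The following is an added example, not code from libXfont or from this tracker: `match_simple`, its `check_end` flag and the `sample` buffer are hypothetical names, and the matcher supports only literal characters and '?'.

```c
#include <stdio.h>

/* Simplified matcher: '?' matches one character, anything else is literal.
 * check_end = 0 reproduces the behaviour described above ('?' consumes a
 * character even when it is '\0'); check_end = 1 rejects '?' at the end of
 * the string. Returns 1 on match, 0 otherwise.
 * Hypothetical helper for illustration, not libXfont code. */
static int match_simple(const char *pattern, const char *string, int check_end)
{
    for (;; pattern++) {
        switch (*pattern) {
        case '\0':
            return *string == '\0';
        case '?':
            if (check_end && *string == '\0')
                return 0;   /* nothing left for '?' to match */
            string++;       /* without the check this can step past '\0' */
            break;
        default:
            if (*string != *pattern)
                return 0;
            string++;
            break;
        }
    }
}

/* Constructed sample: the logical string is "ab"; the bytes after its
 * terminator stand in for unrelated adjacent memory. Everything lives in
 * one array so the demonstration itself never reads out of bounds. */
static const char sample[16] = "ab\0stale";

int main(void)
{
    /* Unchecked: '?' swallows the terminator and matching continues into
     * the bytes that follow the string. */
    printf("unchecked \"ab?stale\": %d\n", match_simple("ab?stale", sample, 0));
    /* Checked: the match stops at the end of the string. */
    printf("checked   \"ab?stale\": %d\n", match_simple("ab?stale", sample, 1));
    /* A '?' that lines up with a real character still matches. */
    printf("checked   \"a?\":       %d\n", match_simple("a?", sample, 1));
    return 0;
}
```

With the end-of-string check in place, a pattern whose '?' lines up with the terminator fails to match instead of continuing into whatever follows the string.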