[3.5] libxfont: Open files with O_NOFOLLOW (CVE-2017-16611)
ID: oval:org.secpod.oval:def:1800070 | Date: (C)2018-03-28 (M)2022-02-21 |
Class: PATCH | Family: unix |
A non-privileged X client can instruct an X server running as root to open any file by creating its own directory in which "fonts.dir", "fonts.alias" or any font file is a symbolic link to any other file on the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog.
Fixed In Version: libXfont 1.5.4, libXfont2 2.0.3
Platform: |
Alpine Linux 3.5 |