[3.6] libxfont: Open files with O_NOFOLLOW (CVE-2017-16611)

ID: oval:org.secpod.oval:def:1800458 | Date: (C)2018-03-28 (M)2023-12-20
Class: PATCH | Family: unix

A non-privileged X client can instruct an X server running as root to open any file by creating its own directory in which "fonts.dir", "fonts.alias" or any font file is a symbolic link to any other file on the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog.

Fixed In Version: libXfont 1.5.4, libXfont2 2.0.3

Platform: Alpine Linux 3.6
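
The symlink case described above, next to the O_NOFOLLOW behaviour named in the title, as an added C example (not libXfont's own code). The helper name `open_nofollow` and the temporary directory layout are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: open a font-path file read-only and refuse a symlink
 * in the final path component (open() then fails with ELOOP). */
int open_nofollow(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW);
}

/* Builds a constructed client directory whose "fonts.dir" is a symlink to
 * another file, then compares a plain open() with open_nofollow().
 * Returns 1 if the plain open followed the link and the hardened open was
 * refused with ELOOP, 0 otherwise, -1 on setup failure. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/fontdemoXXXXXX";
    char target[64], linkp[64];
    int fd, followed, refused;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(linkp, sizeof linkp, "%s/fonts.dir", dir);

    fd = open(target, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || symlink(target, linkp) != 0)
        return -1;
    close(fd);

    fd = open(linkp, O_RDONLY);           /* without the flag: link is followed */
    followed = (fd >= 0);
    if (fd >= 0) close(fd);

    errno = 0;
    fd = open_nofollow(linkp);            /* with the flag: symlink is rejected */
    refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);

    unlink(linkp); unlink(target); rmdir(dir);
    return followed && refused;
}
```

O_NOFOLLOW only rejects a symbolic link in the last path component; symlinks in earlier directory components are still resolved.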