Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2538 libxfont security update 11 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libxfont Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 9 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-13722 CVE-2017-13720 Original Bulletin: http://www.debian.org/security/2017/dsa-3995 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running libxfont check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3995-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 10, 2017 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : libxfont CVE ID : CVE-2017-13720 CVE-2017-13722 Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure. For the oldstable distribution (jessie), these problems have been fixed in version 1:1.5.1-1+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1:2.0.1-3+deb9u1. We recommend that you upgrade your libxfont packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlndHYIACgkQEMKTtsN8 TjZ+UA//RHU5Pix6t6J5L06g97GJCgZ4aafve1mr3Xqsm4dFRhrBK+YZk92AYhvy Uzw3OPQlAs+iEIHfQ4Z53wNB0I/18l8xriEtryqZm986vLEpdQiVuTMLAj9784Jq C/2yUOB+p+orMR+Q/5MlmSXAmdiqVmP9+iV9PGQkp803Vn/PMcuvtD02oVvu5VMw YUz9PKJv19rW4XYb3E1+SgNPgXqc09MfdUmG+kITFtGKpSQEKn+fTG58VH7yGMZw SE8rqeyAQ068Z1nXU2hzneMSJgGwrfawQ6ZX9NWiQCn5r2eEuOJRwnOKeT4f4Bsb NZbQvBh3IfJYeCBQJ/31KIQxqA/TDOGYI/iokpsABcbmQN6Pyy9UScLf6FoVmdLD RaeF+s04GnWNMHJ7gbRSvfp7U5hlsW6aO8qLOGkNMY0aX6F1Jxm47u6jqHJJu58a 9FerNY3vEaZG2V0rteNAcjAtBbeOx1LwUDFH5rPmI5gGiDKWb0DgksxTEOKlZL0E EIzwDqGS4GFYIY7CVbfEIMaZzc4oRzmalzCsclZWORiIQxRmDOK7hZIQH4FpdYK1 xY4McWNcbkV+/14OitWUnHq65KlkMTSBrUVX45eAw//28CeFySY+LWkv2rbekLuT 7I44gPtT/dR7yUxwvp5qwcgsA6MrYldNuv7OAeSpHpsuTnR2/i4= =y1vG - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWd2E2ox+lLeg9Ub1AQi34w//WOMlljXpPQdFayIuioyiY4gRdZtn1gZy d4+00jx/Qw9dIIbJ+PACnjQmBKf9jhuPaVVidCKkU6k7B+vP802djk993cmIcbio poV6IHeR3w1p+8VXWjyXNpgqaskOVUZhqvQV4nhLnXMoPMOFHKhbDrQ6u8N1HEyX gygRD+gFw/3MstMZPGsP1E5UZxjeiW38RiPeJJBPXwZtarltT5H8HfUN8ek7IWlA MCpDRDfLCmCcUaEN1PEdJMZszVtMPlFK59KFZkMRbrxhcEHOVek1U8Rx1KWjLM1i MqM5cWIfVKvBZ2oNu0X7zAtR3Chxcy9SU/yRZ4KDUGa14I2l8r1kzHfmEpyxuM47 vpkTbtIFx4/PHbl7HW29xsqjkjZITi+C6OaG2C7ILm+IZi+jxlv7odYsgLfG/Odn +6P/Nv0nw6miyhozq1VzT3wLAKxnvJDbkTgIiKI3SG5dBSSz+QBIHANWrwcJw2zH V7puwLbf4JVKIkT4SmJpMkhVYQ1xz8Ufy95J4baq8haASBFPEJCX5GMwYnbXkXf9 i2Xdnlja0zOMy3Zb04PMPHDnmQmbp4B6rS8zH58u3JlO8u6kTCAkl2dNi7veFzs9 M5JvyM8j1f+8/kxPzdewZj1U/63aa5rRgtoXVT+XyyKqQUIOiAqtXhKfq5RQThUD ZFvLWQJ6A90= =EKjy -----END PGP SIGNATURE-----