Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2020-1459)

The remote host is missing an update for the Huawei EulerOS 'libXfont' package(s) announced via the EulerOS-SA-2020-1459 advisory.

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.(CVE-2017-16611) In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.(CVE-2017-13722) In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.(CVE-2017-13720)

'libXfont' package(s) on Huawei EulerOS Virtualization 3.0.2.2.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).