========================================================================== Ubuntu Security Notice USN-3442-1 October 10, 2017 libxfont, libxfont1, libxfont2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in libXfont. Software Description: - libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library Details: It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13720) It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13722) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: libxfont1 1:1.5.2-4ubuntu0.1 libxfont2 1:2.0.1-3ubuntu0.1 Ubuntu 16.04 LTS: libxfont1 1:1.5.1-1ubuntu0.16.04.3 libxfont2 1:2.0.1-3~ubuntu16.04.2 Ubuntu 14.04 LTS: libxfont1 1:1.4.7-1ubuntu0.3 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3442-1 CVE-2017-13720, CVE-2017-13722 Package Information: https://launchpad.net/ubuntu/+source/libxfont/1:2.0.1-3ubuntu0.1 https://launchpad.net/ubuntu/+source/libxfont1/1:1.5.2-4ubuntu0.1 https://launchpad.net/ubuntu/+source/libxfont/1:1.5.1-1ubuntu0.16.04.3 https://launchpad.net/ubuntu/+source/libxfont2/1:2.0.1-3~ubuntu16.04.2 https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.3