=========================================================================== Ubuntu Security Notice USN-3500-1 November 29, 2017 libxfont, libxfont1, libxfont2 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: libXfont could be made to access arbitrary files, including special device files. Software Description: - libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library Details: It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libxfont1 1:1.5.2-4ubuntu1.1 libxfont2 1:2.0.1-3ubuntu1.1 Ubuntu 17.04: libxfont1 1:1.5.2-4ubuntu0.2 libxfont2 1:2.0.1-3ubuntu0.2 Ubuntu 16.04 LTS: libxfont1 1:1.5.1-1ubuntu0.16.04.4 libxfont2 1:2.0.1-3~ubuntu16.04.3 Ubuntu 14.04 LTS: libxfont1 1:1.4.7-1ubuntu0.4 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3500-1 CVE-2017-16611 Package Information: https://launchpad.net/ubuntu/+source/libxfont/1:2.0.1-3ubuntu1.1 https://launchpad.net/ubuntu/+source/libxfont1/1:1.5.2-4ubuntu1.1 https://launchpad.net/ubuntu/+source/libxfont/1:2.0.1-3ubuntu0.2 https://launchpad.net/ubuntu/+source/libxfont1/1:1.5.2-4ubuntu0.2 https://launchpad.net/ubuntu/+source/libxfont/1:1.5.1-1ubuntu0.16.04.4 https://launchpad.net/ubuntu/+source/libxfont2/1:2.0.1-3~ubuntu16.04.3 https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.4 --WJ7JgBuTe6ORGBWdaBhK9frScHNpf32qD--