Ubuntu issued an advisory on November 29: https://usn.ubuntu.com/usn/usn-3500-1/
Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => nicolas.salguero
There is no registered maintainer for libxfont. The registered maintainer of libxfont2 is tv, who has too many bugs assigned to him. Assigning this report to all packagers collectively and CC'ing tv.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11, thierry.vignaud
Suggested advisory:
========================
The updated packages fix a security vulnerability:
Open files with O_NOFOLLOW. (CVE-2017-16611)
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
https://usn.ubuntu.com/usn/usn-3500-1/
========================
Updated packages in 5/core/updates_testing:
========================
lib(64)xfont1-1.5.1-1.2.mga5
lib(64)xfont-devel-1.5.1-1.2.mga5
from SRPMS:
libxfont-1.5.1-1.2.mga5.src.rpm
Updated packages in 6/core/updates_testing:
========================
lib(64)xfont1-1.5.2-1.2.mga6
lib(64)xfont-devel-1.5.2-1.2.mga6
lib(64)xfont2_2-2.0.1-4.2.mga6
lib(64)xfont2-devel-2.0.1-4.2.mga6
from SRPMS:
libxfont-1.5.2-1.2.mga6.src.rpm
libxfont2-2.0.1-4.2.mga6.src.rpm
Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Status: NEW => ASSIGNED
CVE: (none) => CVE-2017-16611
Installed and tested without issues.
System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU with nvidia340 proprietary driver.
Since libxfont1 is used by the xorg server, to test I simply restarted the Xorg server and session to be certain the new library was loaded and used. No regressions noticed.
$ uname -a
Linux marte 4.4.103-desktop-1.mga5 #1 SMP Thu Nov 30 12:44:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q lib64xfont1
lib64xfont1-1.5.1-1.2.mga5
$ urpmq --whatrequires lib64xfont1 | egrep -v ^lib | sort -u
bdftopcf
tigervnc-server
x11-server-xdmx
x11-server-xephyr
x11-server-xfake
x11-server-xfbdev
x11-server-xnest
x11-server-xorg
x11-server-xvfb
x11-server-xwayland
CC: (none) => mageia
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
Mageia 6 on x86_64
Tried out bdftopcf before updating and it failed. Looks like the bdf files on the system are incompatible with bdftopcf.
The libraries updated cleanly and the session restarted fine after logging out. Mate desktop re-established with all settings as they were, including Firefox tabs.
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Re comment 4. Should have noted that the Mageia 6 updates have xfont1 and xfont2 libraries.
$ rpm -qa | grep xfont
lib64xfont-devel-1.5.2-1.2.mga6
lib64xfont2_2-2.0.1-4.2.mga6
lib64xfont1-1.5.2-1.2.mga6
lib64xfont2-devel-2.0.1-4.2.mga6
MGA6-32 on Dell Latitude D600 MATE
No installation issues. Restarted session after update, no adverse effects seen.
Ran bdftopcf as normal user and as root. In both cases the command seems to hang forever. However:
# journalctl -b | grep bdf
dec 02 11:36:36 xxx.yyy.zzz [RPM][2662]: install bdftopcf-1.0.5-1.mga6.i586: success
dec 02 11:36:43 xxx.yyy.zzz [RPM][2662]: install bdftopcf-1.0.5-1.mga6.i586: success
Seems good to go.
CC: (none) => herman.viaene
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK
MGA5-32 on Dell Latitude D600 Xfce
No installation issues. Restarted session after update, no adverse effects seen.
Similar result with bdftopcf as Comment 6. Good enough for me.
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0442.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED