Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2186-1

Опубликовано: 30 авг. 2016
Источник: suse-cvrf

Описание

Security update for fontconfig

This update for fontconfig fixes the following issues:

  • security update:
    • CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534]

Список пакетов

SUSE Linux Enterprise Server 11 SP4
fontconfig-2.6.0-10.19.1
fontconfig-32bit-2.6.0-10.19.1
fontconfig-x86-2.6.0-10.19.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
fontconfig-2.6.0-10.19.1
fontconfig-32bit-2.6.0-10.19.1
fontconfig-x86-2.6.0-10.19.1
SUSE Linux Enterprise Software Development Kit 11 SP4
fontconfig-devel-2.6.0-10.19.1
fontconfig-devel-32bit-2.6.0-10.19.1

Ссылки

Описание

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:fontconfig-2.6.0-10.19.1
SUSE Linux Enterprise Server 11 SP4:fontconfig-32bit-2.6.0-10.19.1
SUSE Linux Enterprise Server 11 SP4:fontconfig-x86-2.6.0-10.19.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:fontconfig-2.6.0-10.19.1
Ссылки