Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2190-1

Опубликовано: 30 авг. 2016
Источник: suse-cvrf

Описание

Security update for fontconfig

This update for fontconfig fixes the following issues:

  • security update:
    • CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534]

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
fontconfig-2.11.0-6.1
fontconfig-32bit-2.11.0-6.1
SUSE Linux Enterprise Server 12 SP1
fontconfig-2.11.0-6.1
fontconfig-32bit-2.11.0-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
fontconfig-2.11.0-6.1
fontconfig-32bit-2.11.0-6.1
SUSE Linux Enterprise Software Development Kit 12 SP1
fontconfig-devel-2.11.0-6.1

Ссылки

Описание

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:fontconfig-2.11.0-6.1
SUSE Linux Enterprise Desktop 12 SP1:fontconfig-32bit-2.11.0-6.1
SUSE Linux Enterprise Server 12 SP1:fontconfig-2.11.0-6.1
SUSE Linux Enterprise Server 12 SP1:fontconfig-32bit-2.11.0-6.1
Ссылки