openSUSE-SU-2016:2272-1

Опубликовано: 09 сент. 2016

Источник: suse-cvrf

Описание

Security update for fontconfig

This update for fontconfig fixes the following issues:

security update:
- CVE-2016-5384: Possible double free due to insufficiently validated cache files [bsc#992534]

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

fontconfig-2.11.0-5.1

fontconfig-32bit-2.11.0-5.1

fontconfig-devel-2.11.0-5.1

fontconfig-devel-32bit-2.11.0-5.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-09/msg00036.html
E-Mail link for openSUSE-SU-2016:2272-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

Затронутые продукты

openSUSE Leap 42.1:fontconfig-2.11.0-5.1

openSUSE Leap 42.1:fontconfig-32bit-2.11.0-5.1

openSUSE Leap 42.1:fontconfig-devel-2.11.0-5.1

openSUSE Leap 42.1:fontconfig-devel-32bit-2.11.0-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-5384.html
CVE-2016-5384
https://bugzilla.suse.com/1123116
SUSE Bug 1123116
https://bugzilla.suse.com/992534
SUSE Bug 992534

openSUSE-SU-2016:2272-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-5384

Описание

Затронутые продукты

Ссылки