Lucene search
RedHatRHSA-2016:2601HistoryNov 03, 2016 - 6:07 a.m.
(RHSA-2016:2601) Moderate: fontconfig security and bug fix update
2016-11-0306:07:16
access.redhat.com
11
0.0004 Low
EPSS
Percentile
5.1%
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.
Security Fix(es):
- It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)
Red Hat would like to thank Tobias Stoeckmann for reporting this issue.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | s390x | fontconfig-devel | < 2.10.95-10.el7 | fontconfig-devel-2.10.95-10.el7.s390x.rpm |
| RedHat | 7 | aarch64 | fontconfig-devel | < 2.10.95-10.el7 | fontconfig-devel-2.10.95-10.el7.aarch64.rpm |
| RedHat | 7 | x86_64 | fontconfig-debuginfo | < 2.10.95-10.el7 | fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm |
| RedHat | 7 | ppc | fontconfig | < 2.10.95-10.el7 | fontconfig-2.10.95-10.el7.ppc.rpm |
| RedHat | 7 | s390 | fontconfig-devel | < 2.10.95-10.el7 | fontconfig-devel-2.10.95-10.el7.s390.rpm |
| RedHat | 7 | noarch | fontconfig-devel-doc | < 2.10.95-10.el7 | fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm |
| RedHat | 7 | ppc | fontconfig-debuginfo | < 2.10.95-10.el7 | fontconfig-debuginfo-2.10.95-10.el7.ppc.rpm |
| RedHat | 7 | ppc64le | fontconfig-devel | < 2.10.95-10.el7 | fontconfig-devel-2.10.95-10.el7.ppc64le.rpm |
| RedHat | 7 | ppc64 | fontconfig | < 2.10.95-10.el7 | fontconfig-2.10.95-10.el7.ppc64.rpm |
| RedHat | 7 | i686 | fontconfig-debuginfo | < 2.10.95-10.el7 | fontconfig-debuginfo-2.10.95-10.el7.i686.rpm |
Related
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Fontconfig vulnerability (USN-3063-1)
2016-08-18 00:00:00
Debian DLA-587-1 : fontconfig security update
2016-08-10 00:00:00
freebsd
freebsd
fontconfig -- insufficiently cache file validation
2016-08-05 00:00:00
openvas
openvas
Debian Security Advisory DSA 3644-1 (fontconfig - security update)
2016-08-08 00:00:00
Huawei EulerOS: Security Advisory for fontconfig (EulerOS-SA-2016-1077)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2016-0287)
2022-01-28 00:00:00
centos
centos
fontconfig security update
2016-11-25 15:24:27
osv
osv
fontconfig - security update
2016-08-09 00:00:00
fontconfig - security update
2016-08-08 00:00:00
oraclelinux
oraclelinux
fontconfig security and bug fix update
2016-11-09 00:00:00
cloudfoundry
cloudfoundry
USN-3063-1 Fontconfig vulnerability | Cloud Foundry
2016-08-25 00:00:00
ibm
ibm
ubuntu
ubuntu
Fontconfig vulnerability
2016-08-17 00:00:00
debian
debian
[SECURITY] [DLA 587-1] fontconfig security update
2016-08-09 15:08:42
[SECURITY] [DSA 3644-1] fontconfig security update
2016-08-08 16:36:46
[SECURITY] [DSA 3644-1] fontconfig security update
2016-08-08 16:36:46
fedora
fedora
[SECURITY] Fedora 24 Update: fontconfig-2.11.94-7.fc24
2016-08-08 20:30:44
[SECURITY] Fedora 23 Update: fontconfig-2.11.94-5.fc23
2016-08-18 00:53:57
mageia
mageia
Updated fontconfig packages fix security vulnerability
2016-08-31 18:32:33
debiancve
debiancve
CVE-2016-5384
2016-08-13 01:59:05
cvelist
cvelist
CVE-2016-5384
2016-08-12 16:00:00
redhatcve
redhatcve
CVE-2016-5384
2016-12-15 20:18:56
prion
prion
Double free
2016-08-13 01:59:00
ubuntucve
ubuntucve
CVE-2016-5384
2016-08-08 00:00:00
nvd
nvd
CVE-2016-5384
2016-08-13 01:59:05
cve
cve
CVE-2016-5384
2016-08-13 01:59:05