16 matches found
MiracleLinux 7 : fontconfig-2.10.95-10.el7 (AXSA:2016-1121:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1121:01 advisory. Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security issues fixed with this...
Linux Distros Unpatched Vulnerability : CVE-2016-5384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and...
RHEL 6 : fontconfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - fontconfig: Possible double free due to insufficiently validated cache files CVE-2016-5384 Note that Nessus has not...
RHEL 6 : fontconfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - fontconfig: Possible double free due to insufficiently validated cache files CVE-2016-5384 Note that Nessus has not...
Huawei EulerOS: Security Advisory for fontconfig (EulerOS-SA-2016-1077)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384)
Summary PowerKVM is affected by a vulnerability in fontconfig. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5384 DESCRIPTION: Fontconfig could allow a local attacker to execute arbitrary code on the system, caused by the lack of offsets validation. By using a...
EulerOS 2.0 SP1 : fontconfig (EulerOS-SA-2016-1077)
According to the version of the fontconfig packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to...
SUSE SLED12 / SLES12 Security Update : fontconfig (SUSE-SU-2016:2190-1)
This update for fontconfig fixes the following issues : - security update : - CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE SLES11 Security Update : fontconfig (SUSE-SU-2016:2186-1)
This update for fontconfig fixes the following issues : - security update : - CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE-SU-2016:2190-1 Security update for fontconfig
This update for fontconfig fixes the following issues: - security update: CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534...
FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)
Debian security team reports : Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In...
CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...
CVE-2016-5384
fontconfig contains a vulnerability (CVE-2016-5384) due to unchecked cache offsets, allowing a local attacker to trigger arbitrary free calls and potentially execute code via a crafted cache file. Reports from multiple vendors describe the flaw as a local privilege scenario with possible arbitrar...
[SECURITY] [DSA 3644-1] fontconfig security update
Debian Security Advisory DSA-3644-1, https://www.debian.org/security/, Salvatore Bonaccorso, August 08, 2016, https://www.debian.org/security/faq ...
[SECURITY] [DSA 3644-1] fontconfig security update
Debian Security Advisory DSA-3644-1, https://www.debian.org/security/, Salvatore Bonaccorso, August 08, 2016, https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3644-1)
The remote host is missing an update for the Debian...