16 matches found
MiracleLinux 7 : fontconfig-2.10.95-10.el7 (AXSA:2016-1121:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1121:01 advisory. Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security issues fixed with this...
Linux Distros Unpatched Vulnerability : CVE-2016-5384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and...
RHEL 6 : fontconfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - fontconfig: Possible double free due to insufficiently validated cache files CVE-2016-5384 Note that Nessus has not...
RHEL 6 : fontconfig (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - fontconfig: Possible double free due to insufficiently validated cache files CVE-2016-5384 Note that Nessus has not...
Huawei EulerOS: Security Advisory for fontconfig (EulerOS-SA-2016-1077)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384)
Summary PowerKVM is affected by a vulnerability in fontconfig. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5384 DESCRIPTION: Fontconfig could allow a local attacker to execute arbitrary code on the system, caused by the lack of offsets validation. By using a...
EulerOS 2.0 SP1 : fontconfig (EulerOS-SA-2016-1077)
According to the version of the fontconfig packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to...
SUSE SLES11 Security Update : fontconfig (SUSE-SU-2016:2186-1)
This update for fontconfig fixes the following issues : - security update : - CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE SLED12 / SLES12 Security Update : fontconfig (SUSE-SU-2016:2190-1)
This update for fontconfig fixes the following issues : - security update : - CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...
SUSE-SU-2016:2190-1 Security update for fontconfig
This update for fontconfig fixes the following issues: - security update: CVE-2016-5384: Possible double free due to insufficiently validated cache files bsc992534...
FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)
Debian security team reports : Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In...
CVE-2016-5384
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...
CVE-2016-5384
fontconfig contains a vulnerability (CVE-2016-5384) due to unchecked cache offsets, allowing a local attacker to trigger arbitrary free calls and potentially execute code via a crafted cache file. Reports from multiple vendors describe the flaw as a local privilege scenario with possible arbitrar...
[SECURITY] [DSA 3644-1] fontconfig security update
Debian Security Advisory DSA-3644-1 https://www.debian.org/security/ Salvatore Bonaccorso August 08, 2016 https://www.debian.org/security/faq ...
[SECURITY] [DSA 3644-1] fontconfig security update
Debian Security Advisory DSA-3644-1 https://www.debian.org/security/ Salvatore Bonaccorso August 08, 2016 https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3644-1)
The remote host is missing an update for the Debian...