|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 3644-1 (fontconfig - security update)|
|Summary:||Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.|
fontconfig on Debian Linux
For the stable distribution (jessie), this
problem has been fixed in version 2.11.0-6.3+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your fontconfig packages.
Common Vulnerability Exposure (CVE) ID: CVE-2016-5384
BugTraq ID: 92339
Debian Security Information: DSA-3644
RedHat Security Advisories: RHSA-2016:2601
|Copyright||Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net|