|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for fontconfig RHSA-2016:2601-02|
|Summary:||The remote host is missing an update for the 'fontconfig'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'fontconfig'
package(s) announced via the referenced advisory.
Fontconfig is designed to locate fonts
within the system and select them according to requirements specified by
* It was found that cache files were insufficiently validated in
fontconfig. A local attacker could create a specially crafted cache file to
trigger arbitrary free() calls, which in turn could lead to arbitrary code
Red Hat would like to thank Tobias Stoeckmann for reporting this issue.
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.
fontconfig on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2016-5384|
BugTraq ID: 92339
Debian Security Information: DSA-3644 (Google Search)
RedHat Security Advisories: RHSA-2016:2601
|Copyright||Copyright (C) 2016 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.