Debian Security Advisory 3644-1

Debian Security Advisory 3644-1: Posted Aug 8, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3644-1 - Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation.; tags | advisory, arbitrary, code execution; systems | linux, debian; advisories | CVE-2016-5384; SHA-256 | 000cb9fd32aae09b27f1aa25c7b206d1852d92f35bde68b197699c3748653b2c; Download | Favorite | View

Debian Security Advisory 3644-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3644-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 08, 2016                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fontconfig
CVE ID         : CVE-2016-5384
Debian Bug     : 833570

Tobias Stoeckmann discovered that cache files are insufficiently
validated in fontconfig, a generic font configuration library. An
attacker can trigger arbitrary free() calls, which in turn allows double
free attacks and therefore arbitrary code execution. In combination with
setuid binaries using crafted cache files, this could allow privilege
escalation.

For the stable distribution (jessie), this problem has been fixed in
version 2.11.0-6.3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.11.0-6.5.

We recommend that you upgrade your fontconfig packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXqLSmAAoJEAVMuPMTQ89EiD4P/3KOmBFD+qXc+z3bYbaIU4ED
1D/y9kj6janO2Ud1A/BhGarBcMIUIeB2qzpFmPv4bvGUfzmqMu5gQu820A09ua5W
ACkV6cBkhCHFXQLgE5ACnVG/tz3bZjr41t6G7UIsyi0/GSTNkE2cgx8rYLERdGX9
EkU8HzSGUE9ksVCIDH55pjUOfpEWhS55IVkCq/dj7X6PpcgUyUfVeJto35UaaYJa
rfu+Wqz4MQ94L1x/U86+/7Px1VCAkf0UihyOwdpWVroPeMmHOq9ufx+A6m+S2UEO
JV/JyVb0f8oMlgKtogSdbOHXeC2WoodSZuvFn9/Tphr0urr28cwQaxxBCDzo6jCX
MEnTLgk/CCb2AymdtFdTnrCxzJRr65Y+7BkaH04uByBqZsz013frkAtSq4X+cDVQ
25OlvaCOx8cxdSQ5RfOxDaE9y8/YJ7g29aX6YMjL3WBAVbFXyjfQgR4BGnLT/ISC
AgStUOC1kxITMHfIh7WcAcxf2ERaZ9XMb639gn6WNBXveEk/97QqiRzFBjki42tu
FRYk5sBU9dphdlWCazVdi438r7phmZ5imPC2GSP5InoOQ3n56nftTeFHik92r1cU
BMYK2XNs0lLBwTYYtONgxeUOAByP2QY7JpNnYDju6mLRu5jLs/AT8KevUGE8mQnr
T5vbbxehs6hL+4yESxjk
=eJpz
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3644-1

Debian Security Advisory 3644-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3644-1

Share This

Debian Security Advisory 3644-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems