SciLinux: 2016-2601-2 Moderate: Fontconfig Security Update

SciLinux SL7: 2016-2601-2 Moderate: Fontconfig Arbitrary Code Execution

Moderate: fontconfig security and bug fix update

Date: Wed, 14 Dec 2016 18:00:22 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Scott Reid 
Subject: Security ERRATA Moderate: fontconfig on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161214180022.15406.26632@slpackages.fnal.gov>

Synopsis: Moderate: fontconfig security and bug fix update
Advisory ID: SLSA-2016:2601-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-5384
--

Security Fix(es):

* It was found that cache files were insufficiently validated in
fontconfig. A local attacker could create a specially crafted cache file
to trigger arbitrary free() calls, which in turn could lead to arbitrary
code execution. (CVE-2016-5384)

Additional Changes:
--

SL7
 x86_64
 fontconfig-2.10.95-10.el7.i686.rpm
 fontconfig-2.10.95-10.el7.x86_64.rpm
 fontconfig-debuginfo-2.10.95-10.el7.i686.rpm
 fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm
 fontconfig-devel-2.10.95-10.el7.i686.rpm
 fontconfig-devel-2.10.95-10.el7.x86_64.rpm
 noarch
 fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm

- Scientific Linux Development Team