Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 14 Dec 2016 18:00:22 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Scott Reid Subject: Security ERRATA Moderate: fontconfig on SL7.x x86_64 MIME-Version: 1.0 Message-ID: <20161214180022.15406.26632@slpackages.fnal.gov> Synopsis: Moderate: fontconfig security and bug fix update Advisory ID: SLSA-2016:2601-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-5384 -- Security Fix(es): * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384) Additional Changes: -- SL7 x86_64 fontconfig-2.10.95-10.el7.i686.rpm fontconfig-2.10.95-10.el7.x86_64.rpm fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm fontconfig-devel-2.10.95-10.el7.i686.rpm fontconfig-devel-2.10.95-10.el7.x86_64.rpm noarch fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm - Scientific Linux Development Team