Important: mingw-fontconfig security update (RLSA-2026:3407)

Type: Security
Severity: Important
Affected products: Rocky Linux 8
Published: 2026-03-03T09:07:14.545345Z
Reboot suggested: no

Topic:
An update is available for mingw-fontconfig. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:
MinGW Windows Fontconfig library.

Security Fix(es):

* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:
- Red Hat Bugzilla 2395108: https://bugzilla.redhat.com/show_bug.cgi?id=2395108

CVEs:
- CVE-2025-59375 (MITRE): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (base score 5.3), CWE-770

Updated packages (Rocky Linux 8):
- mingw32-fontconfig-0:2.12.6-4.el8_10.noarch.rpm
- mingw32-fontconfig-debuginfo-0:2.12.6-4.el8_10.noarch.rpm
- mingw64-fontconfig-0:2.12.6-4.el8_10.noarch.rpm
- mingw64-fontconfig-debuginfo-0:2.12.6-4.el8_10.noarch.rpm
- mingw-fontconfig-0:2.12.6-4.el8_10.src.rpm

LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2026-3407
http://linux.oracle.com/errata/ELSA-2026-3407.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mingw32-fontconfig-2.12.6-4.el8_10.noarch.rpm
mingw64-fontconfig-2.12.6-4.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mingw-fontconfig-2.12.6-4.el8_10.src.rpm

Related CVEs:
CVE-2025-59375

Description of changes:
[2.12.6-4]
- Rebuilt with mingw-expat fix
  Related: RHEL-114628

(El-errata mailing list)
Moderate: fontconfig security and bug fix update (SLSA-2016:2601-2)

Date: Wed, 14 Dec 2016 18:00:22 -0000
From: Scott Reid (Security Errata for Scientific Linux)
Subject: Security ERRATA Moderate: fontconfig on SL7.x x86_64

Synopsis: Moderate: fontconfig security and bug fix update
Advisory ID: SLSA-2016:2601-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-5384

Security Fix(es):

* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)

Additional Changes:

SL7 x86_64:
fontconfig-2.10.95-10.el7.i686.rpm
fontconfig-2.10.95-10.el7.x86_64.rpm
fontconfig-debuginfo-2.10.95-10.el7.i686.rpm
fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm
fontconfig-devel-2.10.95-10.el7.i686.rpm
fontconfig-devel-2.10.95-10.el7.x86_64.rpm

noarch:
fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm

- Scientific Linux Development Team

LinuxSecurity.com Team
Red Hat Security Advisory

Synopsis: Moderate: fontconfig security and bug fix update
Advisory ID: RHSA-2016:2601-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2601.html
Issue date: 2016-11-03
CVE Names: CVE-2016-5384

1. Summary:

An update for fontconfig is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.

Security Fix(es):

* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)

Red Hat would like to thank Tobias Stoeckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1073460 - Make alias Consolas displaying DejaVu Sans Mono
1350891 - CVE-2016-5384 fontconfig: Possible double free due to insufficiently validated cache files

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: fontconfig-2.10.95-10.el7.src.rpm
x86_64: fontconfig-2.10.95-10.el7.i686.rpm fontconfig-2.10.95-10.el7.x86_64.rpm fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch: fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm
x86_64: fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm fontconfig-devel-2.10.95-10.el7.i686.rpm fontconfig-devel-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: fontconfig-2.10.95-10.el7.src.rpm
x86_64: fontconfig-2.10.95-10.el7.i686.rpm fontconfig-2.10.95-10.el7.x86_64.rpm fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm
x86_64: fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm fontconfig-devel-2.10.95-10.el7.i686.rpm fontconfig-devel-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: fontconfig-2.10.95-10.el7.src.rpm
aarch64: fontconfig-2.10.95-10.el7.aarch64.rpm fontconfig-debuginfo-2.10.95-10.el7.aarch64.rpm fontconfig-devel-2.10.95-10.el7.aarch64.rpm
ppc64: fontconfig-2.10.95-10.el7.ppc.rpm fontconfig-2.10.95-10.el7.ppc64.rpm fontconfig-debuginfo-2.10.95-10.el7.ppc.rpm fontconfig-debuginfo-2.10.95-10.el7.ppc64.rpm fontconfig-devel-2.10.95-10.el7.ppc.rpm fontconfig-devel-2.10.95-10.el7.ppc64.rpm
ppc64le: fontconfig-2.10.95-10.el7.ppc64le.rpm fontconfig-debuginfo-2.10.95-10.el7.ppc64le.rpm fontconfig-devel-2.10.95-10.el7.ppc64le.rpm
s390x: fontconfig-2.10.95-10.el7.s390.rpm fontconfig-2.10.95-10.el7.s390x.rpm fontconfig-debuginfo-2.10.95-10.el7.s390.rpm fontconfig-debuginfo-2.10.95-10.el7.s390x.rpm fontconfig-devel-2.10.95-10.el7.s390.rpm fontconfig-devel-2.10.95-10.el7.s390x.rpm
x86_64: fontconfig-2.10.95-10.el7.i686.rpm fontconfig-2.10.95-10.el7.x86_64.rpm fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm fontconfig-devel-2.10.95-10.el7.i686.rpm fontconfig-devel-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch: fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: fontconfig-2.10.95-10.el7.src.rpm
x86_64: fontconfig-2.10.95-10.el7.i686.rpm fontconfig-2.10.95-10.el7.x86_64.rpm fontconfig-debuginfo-2.10.95-10.el7.i686.rpm fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm fontconfig-devel-2.10.95-10.el7.i686.rpm fontconfig-devel-2.10.95-10.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-5384
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

(Enterprise-watch-list mailing list)
Ubuntu Security Notice USN-3063-1
August 17, 2016

fontconfig vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:
Fontconfig could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- fontconfig: generic font configuration library

Details:
Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  fontconfig 2.11.94-0ubuntu1.1
  libfontconfig1 2.11.94-0ubuntu1.1

Ubuntu 14.04 LTS:
  fontconfig 2.11.0-0ubuntu4.2
  libfontconfig1 2.11.0-0ubuntu4.2

Ubuntu 12.04 LTS:
  fontconfig 2.8.0-3ubuntu9.2
  libfontconfig1 2.8.0-3ubuntu9.2

After a standard system update you need to restart your session to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-3063-1
CVE-2016-5384

Package Information:
https://launchpad.net/ubuntu/+source/fontconfig/2.11.94-0ubuntu1.1
https://launchpad.net/ubuntu/+source/fontconfig/2.11.0-0ubuntu4.2
https://launchpad.net/ubuntu/+source/fontconfig/2.8.0-3ubuntu9.2

Severity: Critical
LinuxSecurity.com Team
Debian Security Advisory DSA-3644-1

Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with .
[slackware-security] Slackware 11.0 x11-6.9.0 patch fix (SSA:2007-110-01)

A new x11-6.9.0-i486-14_slack11.0.tgz patch is available for Slackware 11.0 to fix the inadvertent inclusion of two old fontconfig binaries. Installing the original fontconfig patch followed by the original x11 patch would cause fc-cache and fc-list to be overwritten by old versions, breaking fontconfig. To fix the issue, reinstall the fontconfig patch. The x11 package has been updated so that installation will not be order-specific for anyone fetching the patches now. Sorry for the inconvenience.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz: Removed old versions of fc-cache and fc-list. Somehow a couple of old fontconfig binaries snuck into this package, and prevent fc-cache from working properly at boot (or any other time). If you've already installed these upgrades, reinstalling the fontconfig package will fix the issue. If you do that, there's no need to reinstall this new x11 package -- it's been fixed so that there's no longer a problem with the package install order (and because those fc-* binaries didn't belong there). Sorry for any inconvenience... Thanks to Petri Kaukasoina for pointing this out.
(* Fix *)
+--------------------------+

Where to find the new package:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-6.9.0-i486-14_slack11.0.tgz

MD5 signatures:
+-------------+

Slackware 11.0 package:
dd7b984b91576d65b829074963dd8bd0  x11-6.9.0-i486-14_slack11.0.tgz

Installation instructions:
+------------------------+

If you already have x11-6.9.0-i486-13_slack11.0.tgz, check the version of fc-cache. It should be 2.4.2:

  # fc-cache --version
  fontconfig version 2.4.2

If not, reinstall the fontconfig package:

  # upgradepkg --reinstall fontconfig-2.4.2-i486-1_slack11.0.tgz

If you don't yet have the new x11, fontconfig, and freetype patches, the versions in slackware-11.0/patches/packages may be installed with upgradepkg in no particular order.

+-----+

Severity: Critical
LinuxSecurity.com Team
[slackware-security] freetype (SSA:2007-109-01)

New x11 and/or freetype and fontconfig packages are available for Slackware 10.1, 10.2, 11.0, and -current to fix security issues in freetype. Freetype was packaged with X11 prior to Slackware version 11.0.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
https://www.cve.org/CVERecord?id=CVE-2007-1351

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz: Fixed an overflow parsing BDF fonts. For more information, see: https://www.cve.org/CVERecord?id=CVE-2007-1351
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated packages for Slackware 10.1:

Updated packages for Slackware 10.2:

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 10.1 packages:
f43963a12395187f84a5a893a9b49b08  x11-6.8.1-i486-6_slack10.1.tgz
d50e827c4b6662dcad766a7bd7a21a65  x11-devel-6.8.1-i486-6_slack10.1.tgz
cef7148c39d423ecab3e2ccccd3adb84  x11-xdmx-6.8.1-i486-6_slack10.1.tgz
f14c00ed7581968f0b1f48090ff3b88e  x11-xnest-6.8.1-i486-6_slack10.1.tgz
578877ff6ce1d31ac4260ef6aeee9782  x11-xvfb-6.8.1-i486-6_slack10.1.tgz

Slackware 10.2 packages:
391c07940d6953297bf5c8f34d3e9d08  x11-6.8.2-i486-9_slack10.2.tgz
964ad494c2b38a2b6691d4146edf38f0  x11-devel-6.8.2-i486-9_slack10.2.tgz
e0abb822a02da4189999ed3ec728cc7f  x11-xdmx-6.8.2-i486-9_slack10.2.tgz
355e7d7b950271c9113c041be6987574  x11-xnest-6.8.2-i486-9_slack10.2.tgz
a19ad4440384fe676fb5ba39d781a0ed  x11-xvfb-6.8.2-i486-9_slack10.2.tgz

Slackware 11.0 packages:
54347dc1526ece8d23c43b4b9fb19ece  fontconfig-2.4.2-i486-1_slack11.0.tgz
db824c40a99a28faa622ffa1dd6c147c  freetype-2.3.4-i486-1_slack11.0.tgz
2364ff264047eb9a7055a7d3ed82ffdc  x11-6.9.0-i486-13_slack11.0.tgz
9e177d82b3d9e48ccfca95ac556771ef  x11-devel-6.9.0-i486-13_slack11.0.tgz
0b42fd71db86207b08987316ed567210  x11-xdmx-6.9.0-i486-13_slack11.0.tgz
3bac6d7d422dc015f7d99db93b61a9ca  x11-xnest-6.9.0-i486-13_slack11.0.tgz
a523bce573612986a59aa39214dffc9d  x11-xvfb-6.9.0-i486-13_slack11.0.tgz

Slackware -current package:
e37bde7696812341354b94fef81e4b91  freetype-2.3.4-i486-1.tgz

Installation instructions:
+------------------------+

Upgrade the packages as root:

  # upgradepkg fontconfig-2.4.2-i486-1_slack11.0.tgz \
      freetype-2.3.4-i486-1_slack11.0.tgz \
      x11-6.9.0-i486-13_slack11.0.tgz \
      x11-devel-6.9.0-i486-13_slack11.0.tgz \
      x11-xdmx-6.9.0-i486-13_slack11.0.tgz \
      x11-xnest-6.9.0-i486-13_slack11.0.tgz \
      x11-xvfb-6.9.0-i486-13_slack11.0.tgz

+-----+

Severity: Critical
LinuxSecurity.com Team