MGASA-2016-0287

Source
https://advisories.mageia.org/MGASA-2016-0287.html
Import Source
https://advisories.mageia.org/MGASA-2016-0287.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2016-0287
Published
2016-08-31T15:32:33Z
Modified
2016-08-31T15:20:50Z
Summary
Updated fontconfig packages fix security vulnerability
Details

Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation (CVE-2016-5384).

Affected packages

Mageia:5 / fontconfig

Package

Name
fontconfig
Purl
pkg:rpm/mageia/fontconfig?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.11.1-4.1.mga5

Ecosystem specific

{
    "section": "core"
}