it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3644-1] fontconfig security update
- Date: Mon, 08 Aug 2016 16:36:46 +0000
- List-archive: https://lists.debian.org/msgid-search/E1bWnXi-0005zY-Er AT master.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Mon, 8 Aug 2016 16:37:05 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <E_98PffYhKN.A.YoD.wULqXB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3644-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : fontconfig
CVE ID : CVE-2016-5384
Debian Bug : 833570
Tobias Stoeckmann discovered that cache files are insufficiently
validated in fontconfig, a generic font configuration library. An
attacker can trigger arbitrary free() calls, which in turn allows double
free attacks and therefore arbitrary code execution. In combination with
setuid binaries using crafted cache files, this could allow privilege
escalation.
For the stable distribution (jessie), this problem has been fixed in
version 2.11.0-6.3+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 2.11.0-6.5.
We recommend that you upgrade your fontconfig packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXqLSmAAoJEAVMuPMTQ89EiD4P/3KOmBFD+qXc+z3bYbaIU4ED
1D/y9kj6janO2Ud1A/BhGarBcMIUIeB2qzpFmPv4bvGUfzmqMu5gQu820A09ua5W
ACkV6cBkhCHFXQLgE5ACnVG/tz3bZjr41t6G7UIsyi0/GSTNkE2cgx8rYLERdGX9
EkU8HzSGUE9ksVCIDH55pjUOfpEWhS55IVkCq/dj7X6PpcgUyUfVeJto35UaaYJa
rfu+Wqz4MQ94L1x/U86+/7Px1VCAkf0UihyOwdpWVroPeMmHOq9ufx+A6m+S2UEO
JV/JyVb0f8oMlgKtogSdbOHXeC2WoodSZuvFn9/Tphr0urr28cwQaxxBCDzo6jCX
MEnTLgk/CCb2AymdtFdTnrCxzJRr65Y+7BkaH04uByBqZsz013frkAtSq4X+cDVQ
25OlvaCOx8cxdSQ5RfOxDaE9y8/YJ7g29aX6YMjL3WBAVbFXyjfQgR4BGnLT/ISC
AgStUOC1kxITMHfIh7WcAcxf2ERaZ9XMb639gn6WNBXveEk/97QqiRzFBjki42tu
FRYk5sBU9dphdlWCazVdi438r7phmZ5imPC2GSP5InoOQ3n56nftTeFHik92r1cU
BMYK2XNs0lLBwTYYtONgxeUOAByP2QY7JpNnYDju6mLRu5jLs/AT8KevUGE8mQnr
T5vbbxehs6hL+4yESxjk
=eJpz
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3644-1] fontconfig security update, Salvatore Bonaccorso, 08.08.2016
Archiv bereitgestellt durch MHonArc 2.6.19.