Red Hat Local Security Checks : RedHat Update for fontconfig RHSA-2016:2601-02

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871704

Categoría: Red Hat Local Security Checks

Título: RedHat Update for fontconfig RHSA-2016:2601-02

Resumen: The remote host is missing an update for the 'fontconfig'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'fontconfig'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Fontconfig is designed to locate fonts
within the system and select them according to requirements specified by
applications.

Security Fix(es):

* It was found that cache files were insufficiently validated in
fontconfig. A local attacker could create a specially crafted cache file to
trigger arbitrary free() calls, which in turn could lead to arbitrary code
execution. (CVE-2016-5384)

Red Hat would like to thank Tobias Stoeckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

Affected Software/OS:
fontconfig on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5384
92339
http://www.securityfocus.com/bid/92339
DSA-3644
http://www.debian.org/security/2016/dsa-3644
FEDORA-2016-6802f2e52a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/
FEDORA-2016-e23ab56ce3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/
RHSA-2016:2601
http://rhn.redhat.com/errata/RHSA-2016-2601.html
USN-3063-1
http://www.ubuntu.com/usn/USN-3063-1
[Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits
https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871704
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for fontconfig RHSA-2016:2601-02
Resumen:	The remote host is missing an update for the 'fontconfig'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'fontconfig' package(s) announced via the referenced advisory. Vulnerability Insight: Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix(es): * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384) Red Hat would like to thank Tobias Stoeckmann for reporting this issue. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: fontconfig on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5384 92339 http://www.securityfocus.com/bid/92339 DSA-3644 http://www.debian.org/security/2016/dsa-3644 FEDORA-2016-6802f2e52a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/ FEDORA-2016-e23ab56ce3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/ RHSA-2016:2601 http://rhn.redhat.com/errata/RHSA-2016-2601.html USN-3063-1 http://www.ubuntu.com/usn/USN-3063-1 [Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
Copyright	Copyright (C) 2016 Greenbone AG