Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0287)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2016.0287

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0287)

Resumen: The remote host is missing an update for the 'fontconfig' package(s) announced via the MGASA-2016-0287 advisory.

Descripción: Summary:
The remote host is missing an update for the 'fontconfig' package(s) announced via the MGASA-2016-0287 advisory.

Vulnerability Insight:
Tobias Stoeckmann discovered that cache files are insufficiently
validated in fontconfig, a generic font configuration library. An
attacker can trigger arbitrary free() calls, which in turn allows
double free attacks and therefore arbitrary code execution. In
combination with setuid binaries using crafted cache files, this
could allow privilege escalation (CVE-2016-5384).

Affected Software/OS:
'fontconfig' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5384
92339
http://www.securityfocus.com/bid/92339
DSA-3644
http://www.debian.org/security/2016/dsa-3644
FEDORA-2016-6802f2e52a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/
FEDORA-2016-e23ab56ce3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/
RHSA-2016:2601
http://rhn.redhat.com/errata/RHSA-2016-2601.html
USN-3063-1
http://www.ubuntu.com/usn/USN-3063-1
[Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits
https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2016.0287
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0287)
Resumen:	The remote host is missing an update for the 'fontconfig' package(s) announced via the MGASA-2016-0287 advisory.
Descripción:	Summary: The remote host is missing an update for the 'fontconfig' package(s) announced via the MGASA-2016-0287 advisory. Vulnerability Insight: Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free() calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using crafted cache files, this could allow privilege escalation (CVE-2016-5384). Affected Software/OS: 'fontconfig' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5384 92339 http://www.securityfocus.com/bid/92339 DSA-3644 http://www.debian.org/security/2016/dsa-3644 FEDORA-2016-6802f2e52a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CJ45VRAMCIISHOVKFVOQYQUSTUJP7FC/ FEDORA-2016-e23ab56ce3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGOS4YYB7UYAWX5AEXJZHDIX4ZMSXSW5/ RHSA-2016:2601 http://rhn.redhat.com/errata/RHSA-2016-2601.html USN-3063-1 http://www.ubuntu.com/usn/USN-3063-1 [Fontconfig] 20160805 fontconfig: Branch 'master' - 3 commits https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940
Copyright	Copyright (C) 2022 Greenbone AG