fontconfig (SL7) | Scientific Linux

Synopsis: Moderate: fontconfig security and bug fix update
Advisory ID: SLSA-2016:2601-2
Issue Date: 2016-11-03
CVE Numbers: CVE-2016-5384
—

Security Fix(es):

* It was found that cache files were insufficiently validated in
fontconfig. A local attacker could create a specially crafted cache file
to trigger arbitrary free() calls, which in turn could lead to arbitrary
code execution. (CVE-2016-5384)

Additional Changes:
—

SL7
x86_64
fontconfig-2.10.95-10.el7.i686.rpm
fontconfig-2.10.95-10.el7.x86_64.rpm
fontconfig-debuginfo-2.10.95-10.el7.i686.rpm
fontconfig-debuginfo-2.10.95-10.el7.x86_64.rpm
fontconfig-devel-2.10.95-10.el7.i686.rpm
fontconfig-devel-2.10.95-10.el7.x86_64.rpm
noarch
fontconfig-devel-doc-2.10.95-10.el7.noarch.rpm

– Scientific Linux Development Team

SL Security Errata