Planet - USN-3063-1: Fontconfig vulnerability

From: Ubuntu security notices | 2016/8/18 5:35:34

Ubuntu Security Notice USN-3063-1


17th August, 2016


fontconfig vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS


  • Ubuntu 14.04 LTS


  • Ubuntu 12.04 LTS





Summary


Fontconfig could be made to crash or run programs if it opened a specially
crafted file.





Software description





  • fontconfig
    - generic font configuration library











Details


Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache
files. A local attacker could possibly use this issue with a specially
crafted cache file to elevate privileges.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:

  • fontconfig 2.11.94-0ubuntu1.1
  • libfontconfig1 2.11.94-0ubuntu1.1

Ubuntu 14.04 LTS:

  • fontconfig 2.11.0-0ubuntu4.2
  • libfontconfig1 2.11.0-0ubuntu4.2

Ubuntu 12.04 LTS:

  • fontconfig 2.8.0-3ubuntu9.2
  • libfontconfig1 2.8.0-3ubuntu9.2






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart your session to make
all the necessary changes.





References




CVE-2016-5384