drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Fontconfig
Name: |
Ausführen beliebiger Kommandos in Fontconfig |
|
ID: |
USN-3063-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Mi, 17. August 2016, 20:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5384 |
|
Applikationen: |
Fontconfig |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3035258632716275643== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="hVaDr8wMcfjF9du72DWVPt8I3rGatBOHQ"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hVaDr8wMcfjF9du72DWVPt8I3rGatBOHQ Content-Type: multipart/mixed; boundary="MWQattfablhU0is48oxpPhuvLeHGW8vAk" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <4268d388-6f37-2869-334f-a3829050bf39@canonical.com> Subject: [USN-3063-1] Fontconfig vulnerability
--MWQattfablhU0is48oxpPhuvLeHGW8vAk Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3063-1 August 17, 2016
fontconfig vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Fontconfig be made to crash or run programs if it opened a specially crafted file.
Software Description: - fontconfig: generic font configuration library
Details:
Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: fontconfig 2.11.94-0ubuntu1.1 libfontconfig1 2.11.94-0ubuntu1.1
Ubuntu 14.04 LTS: fontconfig 2.11.0-0ubuntu4.2 libfontconfig1 2.11.0-0ubuntu4.2
Ubuntu 12.04 LTS: fontconfig 2.8.0-3ubuntu9.2 libfontconfig1 2.8.0-3ubuntu9.2
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3063-1 CVE-2016-5384
Package Information: https://launchpad.net/ubuntu/+source/fontconfig/2.11.94-0ubuntu1.1 https://launchpad.net/ubuntu/+source/fontconfig/2.11.0-0ubuntu4.2 https://launchpad.net/ubuntu/+source/fontconfig/2.8.0-3ubuntu9.2
--MWQattfablhU0is48oxpPhuvLeHGW8vAk--
--hVaDr8wMcfjF9du72DWVPt8I3rGatBOHQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXtJ4CAAoJEGVp2FWnRL6TZMIQAJC+83YwIe4m4qcC2cpbzFBE 7/SuMT7jL6WA/3tKu0/LkFNq5as7vwjOkQSkJRXj/LeRweYGJQJWdXC+TTwVMuqJ 7NHyh9fY2Hjkn7moxMNW9hPgOd+npb5ByCCLrBaqqigczy4wf4bFmem2OE/7sV7u hGEvSwwXiB2JsFbI4wkT0KmLWBYO4CYXf9WN7ElaLD71nMwc3Sbw1XABDxcGKpcB vhXvBhej27bV1sL+p+N3gcKM/UDmXhdOhftdqy2dVuVjgXvdAEu5hkCOJM5Il83C hbK6lUVc1YBsN6E/sS9glo39VoIR+J6otUCQAxmN2g9izgBfPlddKsLHJlwn1nru d4H+U5Jgte0Qo0lDMwBr5vbV68D7zkmYgqsHtNGaig445Z5rr4nHg+CszaC5nnNn qkzQ3XzEi49W0s7y7iJ/6NWi9lxN/DvyC3vcms6pvXtJTHC8cZwQha6rsav+RwZs QEG+KeEUvVpkPy35wHMQ4A7YIXveyYT1kUeM8kTB7JbO6FuQ+NJSp3epUATcFEwR TssVhiKLsEJFPmGfiVBYbLpmve9F56/XHl95zmoxd4gJFHDjGz5iOEKi9BakgtKK 4gwF3AqGWODYs1A44AjWlDRDeQER/86yPDiTuVCsmu73fDSpMvqnH8d2SPMgSyfv rGuDRsytzqd8vZlUS5wY =qZpr -----END PGP SIGNATURE-----
--hVaDr8wMcfjF9du72DWVPt8I3rGatBOHQ--
--===============3035258632716275643== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3035258632716275643==--
|
|
|
|