Bug 1350891 (CVE-2016-5384)
Summary: | CVE-2016-5384 fontconfig: Possible double free due to insufficiently validated cache files | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | alonbl, bmcclain, carnil, cfergeau, dblechte, lsurette, mgoldboi, michal.skrivanek, sardella, security-response-team, slawomir, spam.bugzillaredhat, srevivo, tagoh, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:55:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1355930, 1364439, 1364440, 1364442 | ||
Bug Blocks: | 1323912, 1350892 |
Description
Adam Mariš
2016-06-28 15:34:11 UTC
Acknowledgments: Name: Tobias Stoeckmann The fix has been pushed to the upstream git: https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html BTW no bugs for Fedora? Created mingw-fontconfig tracking bugs for this issue: Affects: fedora-all [bug 1364440] Created fontconfig tracking bugs for this issue: Affects: fedora-all [bug 1364439] Created mingw-fontconfig tracking bugs for this issue: Affects: epel-7 [bug 1364442] fontconfig-2.11.94-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. fontconfig-2.11.94-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. Our CVSS scoring reflects the fact that RHEL 7 and RHEL 6 contains no setuid root binaries which are linked to fontconfig. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2601 https://rhn.redhat.com/errata/RHSA-2016-2601.html Great job, now fontconfig doesn't use cache at all, causing every process to regenerate cache when started, and completely freezing my system at boot because I've had 2000+ fonts installed. |