USN-3063-1 Fontconfig vulnerability

Severity

Medium

Vendor

Canonical Ubuntu, fontconfig

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

Affected Products and Versions

Severity is medium unless otherwise noted.

All versions of Cloud Foundry cflinuxfs2 prior to v.1.76.0

Mitigation

Users of affected versions should apply the following mitigation:

The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.76.0 or later versions

Credit

Tobias Stoeckmann

References

http://www.ubuntu.com/usn/usn-3063-1/
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5384.html

USN-3063-1 Fontconfig vulnerability

Severity

Vendor

Versions Affected

Description

Affected Products and Versions

Mitigation

Credit

References

You Might Also Like

USN-4985-1: Intel Microcode vulnerabilities

USN-6698-1: Vim vulnerability

USN-5906-1: PostgreSQL vulnerability

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!