Ubuntu Security Notification for Fontconfig Vulnerability (USN-3063-1)——漏洞银行丨0DAY BANK

It was discovered that Fontconfig incorrectly handled cache files.

A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

Refer to Ubuntu advisory USN-3063-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3063-1: 14.04 (Kylin) on src (fontconfig)

USN-3063-1: 12.04 (Precise) on src (libfontconfig1)

USN-3063-1: 16.04 (Xenial) on src (fontconfig)

USN-3063-1: 16.04 (Xenial) on src (libfontconfig1)

USN-3063-1: 14.04 (Kylin) on src (libfontconfig1)

USN-3063-1: 12.04 (Precise) on src (fontconfig)