Description
Security update for cairo
This update for cairo fixes the following issues:
- CVE-2016-3190: Fixed an out-of-bounds read in the fill_xrgb32_lerp_opaque_spans function that might lead to a crash when processing a maliciously crafted image file (bsc#971964).
Package list
SUSE Linux Enterprise Desktop 12
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Desktop 12 SP1
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo-script-interpreter2-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Server 12
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Server 12 SP1
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo-script-interpreter2-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Server for SAP Applications 12
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libcairo-gobject2-1.12.16-13.1
libcairo-gobject2-32bit-1.12.16-13.1
libcairo-script-interpreter2-1.12.16-13.1
libcairo2-1.12.16-13.1
libcairo2-32bit-1.12.16-13.1
SUSE Linux Enterprise Software Development Kit 12
cairo-devel-1.12.16-13.1
libcairo-script-interpreter2-1.12.16-13.1
SUSE Linux Enterprise Software Development Kit 12 SP1
cairo-devel-1.12.16-13.1
References
- Link for SUSE-SU-2016:1100-1
- E-Mail link for SUSE-SU-2016:1100-1
- SUSE Security Ratings
- SUSE Bug 971964
- SUSE CVE CVE-2016-3190 page
Description
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:libcairo-gobject2-1.12.16-13.1
SUSE Linux Enterprise Desktop 12 SP1:libcairo-gobject2-32bit-1.12.16-13.1
SUSE Linux Enterprise Desktop 12 SP1:libcairo-script-interpreter2-1.12.16-13.1
SUSE Linux Enterprise Desktop 12 SP1:libcairo2-1.12.16-13.1
References
- CVE-2016-3190
- SUSE Bug 971964