Описание
Security update for cairo
This update for cairo fixes the following issues:
- CVE-2017-7475: Fixed a segfault in get_bitmap_surface due to malformed font (bsc#1036789).
- CVE-2016-9082: fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libcairo-gobject2-1.15.2-24.1
libcairo-gobject2-32bit-1.15.2-24.1
libcairo-script-interpreter2-1.15.2-24.1
libcairo2-1.15.2-24.1
libcairo2-32bit-1.15.2-24.1
SUSE Linux Enterprise Server 12 SP2
libcairo-gobject2-1.15.2-24.1
libcairo-gobject2-32bit-1.15.2-24.1
libcairo-script-interpreter2-1.15.2-24.1
libcairo2-1.15.2-24.1
libcairo2-32bit-1.15.2-24.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libcairo-gobject2-1.15.2-24.1
libcairo-script-interpreter2-1.15.2-24.1
libcairo2-1.15.2-24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libcairo-gobject2-1.15.2-24.1
libcairo-gobject2-32bit-1.15.2-24.1
libcairo-script-interpreter2-1.15.2-24.1
libcairo2-1.15.2-24.1
libcairo2-32bit-1.15.2-24.1
SUSE Linux Enterprise Software Development Kit 12 SP2
cairo-devel-1.15.2-24.1
Ссылки
- Link for SUSE-SU-2017:1671-1
- E-Mail link for SUSE-SU-2017:1671-1
- SUSE Security Ratings
- SUSE Bug 1007255
- SUSE Bug 1036789
- SUSE CVE CVE-2016-9082 page
- SUSE CVE CVE-2017-7475 page
Описание
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libcairo-gobject2-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo-gobject2-32bit-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo-script-interpreter2-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo2-1.15.2-24.1
Ссылки
- CVE-2016-9082
- SUSE Bug 1007255
Описание
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libcairo-gobject2-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo-gobject2-32bit-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo-script-interpreter2-1.15.2-24.1
SUSE Linux Enterprise Desktop 12 SP2:libcairo2-1.15.2-24.1
Ссылки
- CVE-2017-7475
- SUSE Bug 1036789