Описание
Security update for cairo
This update for cairo fixes the following issues:
- CVE-2017-9814: out-of-bounds read in cairo-truetype-subset.c could lead to denial of service (bsc#1049092).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libcairo-gobject2-1.15.2-25.3.2
libcairo-gobject2-32bit-1.15.2-25.3.2
libcairo-script-interpreter2-1.15.2-25.3.2
libcairo2-1.15.2-25.3.2
libcairo2-32bit-1.15.2-25.3.2
SUSE Linux Enterprise Server 12 SP3
libcairo-gobject2-1.15.2-25.3.2
libcairo-gobject2-32bit-1.15.2-25.3.2
libcairo-script-interpreter2-1.15.2-25.3.2
libcairo2-1.15.2-25.3.2
libcairo2-32bit-1.15.2-25.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libcairo-gobject2-1.15.2-25.3.2
libcairo-gobject2-32bit-1.15.2-25.3.2
libcairo-script-interpreter2-1.15.2-25.3.2
libcairo2-1.15.2-25.3.2
libcairo2-32bit-1.15.2-25.3.2
SUSE Linux Enterprise Software Development Kit 12 SP3
cairo-devel-1.15.2-25.3.2
Ссылки
- Link for SUSE-SU-2018:1195-1
- E-Mail link for SUSE-SU-2018:1195-1
- SUSE Security Ratings
- SUSE Bug 1049092
- SUSE CVE CVE-2017-9814 page
Описание
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libcairo-gobject2-1.15.2-25.3.2
SUSE Linux Enterprise Desktop 12 SP3:libcairo-gobject2-32bit-1.15.2-25.3.2
SUSE Linux Enterprise Desktop 12 SP3:libcairo-script-interpreter2-1.15.2-25.3.2
SUSE Linux Enterprise Desktop 12 SP3:libcairo2-1.15.2-25.3.2
Ссылки
- CVE-2017-9814
- SUSE Bug 1049092