SUSE-SU-2018:1873-1

Опубликовано: 03 июл. 2018

Источник: suse-cvrf

Описание

Security update for cairo

This update for cairo fixes the following issues:

The following security vulnerability was addressed:

CVE-2017-9814: Fixed and out-of-bounds read in cairo-truetype-subset.c by replacing the malloc implementation with _cairo_malloc and checking the size before memory allocation (bsc#1049092)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

cairo-devel-1.15.10-4.5.1

libcairo-gobject2-1.15.10-4.5.1

libcairo-script-interpreter2-1.15.10-4.5.1

libcairo2-1.15.10-4.5.1

SUSE Linux Enterprise Module for Desktop Applications 15

libcairo2-32bit-1.15.10-4.5.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181873-1/
Link for SUSE-SU-2018:1873-1
https://lists.suse.com/pipermail/sle-security-updates/2018-July/004238.html
E-Mail link for SUSE-SU-2018:1873-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1049092
SUSE Bug 1049092
https://www.suse.com/security/cve/CVE-2017-9814/
SUSE CVE CVE-2017-9814 page

Описание

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:cairo-devel-1.15.10-4.5.1

SUSE Linux Enterprise Module for Basesystem 15:libcairo-gobject2-1.15.10-4.5.1

SUSE Linux Enterprise Module for Basesystem 15:libcairo-script-interpreter2-1.15.10-4.5.1

SUSE Linux Enterprise Module for Basesystem 15:libcairo2-1.15.10-4.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-9814.html
CVE-2017-9814
https://bugzilla.suse.com/1049092
SUSE Bug 1049092

SUSE-SU-2018:1873-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise Module for Desktop Applications 15

Ссылки

Уязвимость: CVE-2017-9814

Описание

Затронутые продукты

Ссылки