Описание
Security update for libcroco
This update for libcroco fixes the following issues:
Security issues fixed:
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899).
Список пакетов
Image SLES15-Azure-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-CHOST-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-GCE-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-OCI-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-Azure
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-Azure-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-Azure-LI-BYOS-Production
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-Azure-VLI-BYOS-Production
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-EC2-HVM
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-EC2-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-GCE
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-GCE-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SAP-OCI-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Azure-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Azure-HPC-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-CHOST-BYOS-Azure
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-CHOST-BYOS-EC2
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-CHOST-BYOS-GCE
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-EC2-HPC-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-EC2-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-GCE-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-OCI-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-Azure
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-Azure-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-EC2-HVM
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-GCE
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-GCE-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAP-OCI-BYOS
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAPCAL-Azure
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAPCAL-EC2-HVM
libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-SP1-SAPCAL-GCE
libcroco-0_6-3-0.6.12-4.3.51
SUSE Linux Enterprise Module for Basesystem 15 SP1
libcroco-0.6.12-4.3.51
libcroco-0_6-3-0.6.12-4.3.51
libcroco-0_6-3-32bit-0.6.12-4.3.51
libcroco-devel-0.6.12-4.3.51
Ссылки
- Link for SUSE-SU-2020:1535-1
- E-Mail link for SUSE-SU-2020:1535-1
- SUSE Security Ratings
- SUSE Bug 1043898
- SUSE Bug 1043899
- SUSE CVE CVE-2017-8834 page
- SUSE CVE CVE-2017-8871 page
Описание
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
Затронутые продукты
Image SLES15-Azure-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-CHOST-HVM-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-HVM-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-GCE-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Ссылки
- CVE-2017-8834
- SUSE Bug 1043898
- SUSE Bug 1043899
Описание
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
Затронутые продукты
Image SLES15-Azure-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-CHOST-HVM-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-EC2-HVM-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Image SLES15-GCE-BYOS:libcroco-0_6-3-0.6.12-4.3.51
Ссылки
- CVE-2017-8871
- SUSE Bug 1043898
- SUSE Bug 1043899