Описание
Security update for cairo
This update for cairo fixes the following issues:
- Fix a memory corruption in pango.
- Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'.
- Add more FreeeType font color conversions to support COLR/CPAL.
- Fix crash when rendering Microsoft's Segoe UI Emoji Regular font.
- Fix memory leaks found by Coverity.
- Fix assertion failure in the freetype backend. (fdo#105746).
- Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (bsc#1049092)
Список пакетов
Image SLES15-SAP-Azure
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-Azure-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libcairo-gobject2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libcairo-gobject2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-EC2-HVM
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-EC2-HVM-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-GCE
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-GCE-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SAP-OCI-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-Azure
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-Azure-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libcairo-gobject2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libcairo-gobject2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-EC2-HVM
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-GCE
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-GCE-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAP-OCI-BYOS
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAPCAL-Azure
cairo-devel-1.16.0-4.8.1
libcairo-gobject2-1.16.0-4.8.1
libcairo-script-interpreter2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAPCAL-EC2-HVM
cairo-devel-1.16.0-4.8.1
libcairo-gobject2-1.16.0-4.8.1
libcairo-script-interpreter2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
Image SLES15-SP1-SAPCAL-GCE
cairo-devel-1.16.0-4.8.1
libcairo-gobject2-1.16.0-4.8.1
libcairo-script-interpreter2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
cairo-devel-1.16.0-4.8.1
libcairo-gobject2-1.16.0-4.8.1
libcairo-script-interpreter2-1.16.0-4.8.1
libcairo2-1.16.0-4.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
libcairo2-32bit-1.16.0-4.8.1
Ссылки
- Link for SUSE-SU-2020:1937-1
- E-Mail link for SUSE-SU-2020:1937-1
- SUSE Security Ratings
- SUSE Bug 1049092
- SUSE CVE CVE-2017-9814 page
Описание
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libcairo2-1.16.0-4.8.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libcairo-gobject2-1.16.0-4.8.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libcairo2-1.16.0-4.8.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libcairo-gobject2-1.16.0-4.8.1
Ссылки
- CVE-2017-9814
- SUSE Bug 1049092