Описание
Security update for cairo
This update for cairo fixes the following issues:
The following security vulnerability was addressed:
- CVE-2017-9814: Fixed and out-of-bounds read in cairo-truetype-subset.c by replacing the malloc implementation with _cairo_malloc and checking the size before memory allocation (bsc#1049092)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
cairo-1.15.10-lp150.3.3.1
cairo-devel-1.15.10-lp150.3.3.1
cairo-devel-32bit-1.15.10-lp150.3.3.1
cairo-tools-1.15.10-lp150.3.3.1
libcairo-gobject2-1.15.10-lp150.3.3.1
libcairo-gobject2-32bit-1.15.10-lp150.3.3.1
libcairo-script-interpreter2-1.15.10-lp150.3.3.1
libcairo-script-interpreter2-32bit-1.15.10-lp150.3.3.1
libcairo2-1.15.10-lp150.3.3.1
libcairo2-32bit-1.15.10-lp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1895-1
- SUSE Security Ratings
Описание
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Затронутые продукты
openSUSE Leap 15.0:cairo-1.15.10-lp150.3.3.1
openSUSE Leap 15.0:cairo-devel-1.15.10-lp150.3.3.1
openSUSE Leap 15.0:cairo-devel-32bit-1.15.10-lp150.3.3.1
openSUSE Leap 15.0:cairo-tools-1.15.10-lp150.3.3.1
Ссылки
- CVE-2017-9814
- SUSE Bug 1049092