Описание
Security update for libcroco
This update for libcroco fixes the following issues:
Security issues fixed:
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
libcroco-0.6.12-lp151.4.3.1
libcroco-0_6-3-0.6.12-lp151.4.3.1
libcroco-0_6-3-32bit-0.6.12-lp151.4.3.1
libcroco-devel-0.6.12-lp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0780-1
- SUSE Security Ratings
- SUSE Bug 1043898
- SUSE Bug 1043899
- SUSE CVE CVE-2017-8834 page
- SUSE CVE CVE-2017-8871 page
Описание
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
Затронутые продукты
openSUSE Leap 15.1:libcroco-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-0_6-3-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-0_6-3-32bit-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-devel-0.6.12-lp151.4.3.1
Ссылки
- CVE-2017-8834
- SUSE Bug 1043898
- SUSE Bug 1043899
Описание
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
Затронутые продукты
openSUSE Leap 15.1:libcroco-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-0_6-3-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-0_6-3-32bit-0.6.12-lp151.4.3.1
openSUSE Leap 15.1:libcroco-devel-0.6.12-lp151.4.3.1
Ссылки
- CVE-2017-8871
- SUSE Bug 1043898
- SUSE Bug 1043899