Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:1003-1

Опубликовано: 19 июл. 2020
Источник: suse-cvrf

Описание

Security update for cairo

This update for cairo fixes the following issues:

  • Fix a memory corruption in pango.
  • Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'.
  • Add more FreeeType font color conversions to support COLR/CPAL.
  • Fix crash when rendering Microsoft's Segoe UI Emoji Regular font.
  • Fix memory leaks found by Coverity.
  • Fix assertion failure in the freetype backend. (fdo#105746).
  • Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (bsc#1049092)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
cairo-devel-1.16.0-lp151.5.3.1
cairo-devel-32bit-1.16.0-lp151.5.3.1
cairo-tools-1.16.0-lp151.5.3.1
libcairo-gobject2-1.16.0-lp151.5.3.1
libcairo-gobject2-32bit-1.16.0-lp151.5.3.1
libcairo-script-interpreter2-1.16.0-lp151.5.3.1
libcairo-script-interpreter2-32bit-1.16.0-lp151.5.3.1
libcairo2-1.16.0-lp151.5.3.1
libcairo2-32bit-1.16.0-lp151.5.3.1

Ссылки

Описание

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Затронутые продукты
openSUSE Leap 15.1:cairo-devel-1.16.0-lp151.5.3.1
openSUSE Leap 15.1:cairo-devel-32bit-1.16.0-lp151.5.3.1
openSUSE Leap 15.1:cairo-tools-1.16.0-lp151.5.3.1
openSUSE Leap 15.1:libcairo-gobject2-1.16.0-lp151.5.3.1
Ссылки