Updated libcroco packages fix security vulnerabilities
Publication date: 15 Dec 2019
Modification date: 15 Dec 2019
Type: security
Affected Mageia releases: 7
CVE: CVE-2017-7960, CVE-2017-7961, CVE-2017-8834, CVE-2017-8871
Description
Updated libcroco packages fix security vulnerabilities:
- Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960).
- Undefined behavior (tknzr: support only max long rgb values) (CVE-2017-7961).
- Denial of service (memory allocation error) via a crafted CSS file (CVE-2017-8834).
- Denial of service (infinite loop and CPU consumption) via a crafted CSS file (CVE-2017-8871).
References
- https://bugs.mageia.org/show_bug.cgi?id=21057
- https://lists.opensuse.org/opensuse-updates/2019-06/msg00092.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8834
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8871
SRPMS
7/core
- libcroco-0.6.13-1.1.mga7