Advisories » MGASA-2019-0389

Updated libcroco packages fix security vulnerability

Publication date: 15 Dec 2019
Modification date: 15 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2017-7960 , CVE-2017-7961 , CVE-2017-8834 , CVE-2017-8871

Description

Updated libcroco packages fix security vulnerabilities:

Heap overflow (input: check end of input before reading a byte)
(CVE-2017-7960).

Undefined behavior (tknzr: support only max long rgb values)
(CVE-2017-7961).

Denial of service (memory allocation error) via a crafted CSS file
(CVE-2017-8834).

Denial of service (infinite loop and CPU consumption) via a crafted CSS
file (CVE-2017-8871).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21057
• https://lists.opensuse.org/opensuse-updates/2019-06/msg00092.html
• https://www.cve.org/CVERecord?id=CVE-2017-7960
• https://www.cve.org/CVERecord?id=CVE-2017-7961
• https://www.cve.org/CVERecord?id=CVE-2017-8834
• https://www.cve.org/CVERecord?id=CVE-2017-8871

SRPMS

7/core

• libcroco-0.6.13-1.1.mga7