SUSE-SU-2020:1937-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20201937-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1937-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-SU-2020:1937-1

Related

CVE-2017-9814

Published

2020-07-15T21:56:33Z

Modified

2020-07-15T21:56:33Z

Summary

Security update for cairo

Details

This update for cairo fixes the following issues:

Fix a memory corruption in pango.
Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'.
Add more FreeeType font color conversions to support COLR/CPAL.
Fix crash when rendering Microsoft's Segoe UI Emoji Regular font.
Fix memory leaks found by Coverity.
Fix assertion failure in the freetype backend. (fdo#105746).
Add cairo-CVE-2017-9814.patch: Replace malloc with cairomalloc and check cmap size before allocating (bsc#1049092)

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / cairo

Package

Name: cairo
Purl: pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-4.8.1

Ecosystem specific

{
    "binaries": [
        {
            "libcairo-gobject2": "1.16.0-4.8.1",
            "cairo-devel": "1.16.0-4.8.1",
            "libcairo-script-interpreter2": "1.16.0-4.8.1",
            "libcairo2": "1.16.0-4.8.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Desktop Applications 15 SP1 / cairo

Package

Name: cairo
Purl: pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.0-4.8.1

Ecosystem specific

{
    "binaries": [
        {
            "libcairo2-32bit": "1.16.0-4.8.1"
        }
    ]
}