Menu
▾
▴
[Cucumber-linux-security] cairo (security update is available)
|
From: Z5T1 <z5...@z5...> - 2017-09-15 03:19:33
|
Update Information A security update is available for cairo for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Sep 14 22:47:09 EDT 2017 x-base/cairo rebuilt (build 3) to fix CVE-2016-9082, an integer overflow vulnerability in the write_png function which can be used to cause an invalid pointer dereference and consequentially a crash. Due to the nature of invalid pointer dereferences, arbitray code execution may also be possible. For more information see: http://security.cucumberlinux.com/security/details.php?id=22 https://nvd.nist.gov/vuln/detail/CVE-2016-9082 http://www.securityfocus.com/bid/93931/discuss https://bugs.freedesktop.org/show_bug.cgi?id=98165 multilib/x-base/cairo rebuilt (build 3) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-22 [CVE-2016-9082] (http://security.cucumberlinux.com/security/details.php?id=22) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure cairo is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/x-base/cairo-1.14.8-i686-3.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/x-base/cairo-1.14.8-x86_64-3.txz http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/x-base/cairo-lib_i686-1.14.8-lib_i686-3.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg cairo-1.14.8-i686-3.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
