cairo-devel-1.16.0-3.14 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10671 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cairo-devel-1.16.0-3.14 on GA media These are all security issues fixed in the cairo-devel-1.16.0-3.14 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10671 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10671 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0528/ SUSE CVE CVE-2006-0528 page https://www.suse.com/security/cve/CVE-2016-9082/ SUSE CVE CVE-2016-9082 page https://www.suse.com/security/cve/CVE-2017-7475/ SUSE CVE CVE-2017-7475 page https://www.suse.com/security/cve/CVE-2017-9814/ SUSE CVE CVE-2017-9814 page openSUSE Tumbleweed cairo-devel-1.16.0-3.14 cairo-devel-32bit-1.16.0-3.14 cairo-tools-1.16.0-3.14 libcairo-gobject2-1.16.0-3.14 libcairo-gobject2-32bit-1.16.0-3.14 libcairo-script-interpreter2-1.16.0-3.14 libcairo-script-interpreter2-32bit-1.16.0-3.14 libcairo2-1.16.0-3.14 libcairo2-32bit-1.16.0-3.14 cairo-devel-1.16.0-3.14 as a component of openSUSE Tumbleweed cairo-devel-32bit-1.16.0-3.14 as a component of openSUSE Tumbleweed cairo-tools-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo-gobject2-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo-gobject2-32bit-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo-script-interpreter2-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo-script-interpreter2-32bit-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo2-1.16.0-3.14 as a component of openSUSE Tumbleweed libcairo2-32bit-1.16.0-3.14 as a component of openSUSE Tumbleweed The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. CVE-2006-0528 openSUSE Tumbleweed:cairo-devel-1.16.0-3.14 openSUSE Tumbleweed:cairo-devel-32bit-1.16.0-3.14 openSUSE Tumbleweed:cairo-tools-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-32bit-1.16.0-3.14 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0528.html CVE-2006-0528 https://bugzilla.suse.com/159675 SUSE Bug 159675 Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. CVE-2016-9082 openSUSE Tumbleweed:cairo-devel-1.16.0-3.14 openSUSE Tumbleweed:cairo-devel-32bit-1.16.0-3.14 openSUSE Tumbleweed:cairo-tools-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-32bit-1.16.0-3.14 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9082.html CVE-2016-9082 https://bugzilla.suse.com/1007255 SUSE Bug 1007255 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. CVE-2017-7475 openSUSE Tumbleweed:cairo-devel-1.16.0-3.14 openSUSE Tumbleweed:cairo-devel-32bit-1.16.0-3.14 openSUSE Tumbleweed:cairo-tools-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-32bit-1.16.0-3.14 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7475.html CVE-2017-7475 https://bugzilla.suse.com/1036789 SUSE Bug 1036789 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. CVE-2017-9814 openSUSE Tumbleweed:cairo-devel-1.16.0-3.14 openSUSE Tumbleweed:cairo-devel-32bit-1.16.0-3.14 openSUSE Tumbleweed:cairo-tools-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-gobject2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-1.16.0-3.14 openSUSE Tumbleweed:libcairo-script-interpreter2-32bit-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-1.16.0-3.14 openSUSE Tumbleweed:libcairo2-32bit-1.16.0-3.14 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9814.html CVE-2017-9814 https://bugzilla.suse.com/1049092 SUSE Bug 1049092