ALAS2-2019-1173

Amazon Linux 2 Security Advisory: ALAS-2019-1173
Advisory Release Date: 2019-03-07 06:00 Pacific
Advisory Updated Date: 2019-03-08 00:45 Pacific
Severity: Low
Issue Overview:

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.(CVE-2015-9262)


Affected Packages:

libXcursor


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update libXcursor to update your system.

New Packages:
aarch64:
    libXcursor-1.1.15-1.amzn2.aarch64
    libXcursor-devel-1.1.15-1.amzn2.aarch64
    libXcursor-debuginfo-1.1.15-1.amzn2.aarch64

i686:
    libXcursor-1.1.15-1.amzn2.i686
    libXcursor-devel-1.1.15-1.amzn2.i686
    libXcursor-debuginfo-1.1.15-1.amzn2.i686

src:
    libXcursor-1.1.15-1.amzn2.src

x86_64:
    libXcursor-1.1.15-1.amzn2.x86_64
    libXcursor-devel-1.1.15-1.amzn2.x86_64
    libXcursor-debuginfo-1.1.15-1.amzn2.x86_64

Additional References

Red Hat: CVE-2015-9262

Mitre: CVE-2015-9262