ALAS2-2020-1521


Amazon Linux 2 Security Advisory: ALAS-2020-1521
Advisory Release Date: 2020-10-22 18:10 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific
Severity: Medium
References: CVE-2020-12825 

Issue Overview:

A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability. (CVE-2020-12825)


Affected Packages:

libcroco


Issue Correction:
Run yum update libcroco to update your system.

New Packages:
aarch64:
    libcroco-0.6.12-6.amzn2.aarch64
    libcroco-devel-0.6.12-6.amzn2.aarch64
    libcroco-debuginfo-0.6.12-6.amzn2.aarch64

i686:
    libcroco-0.6.12-6.amzn2.i686
    libcroco-devel-0.6.12-6.amzn2.i686
    libcroco-debuginfo-0.6.12-6.amzn2.i686

src:
    libcroco-0.6.12-6.amzn2.src

x86_64:
    libcroco-0.6.12-6.amzn2.x86_64
    libcroco-devel-0.6.12-6.amzn2.x86_64
    libcroco-debuginfo-0.6.12-6.amzn2.x86_64