Amazon Linux 2 Security Advisory: ALAS-2020-1521
Advisory Release Date: 2020-10-22 18:10 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific
Severity:
Medium
Issue Overview:
A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability. (CVE-2020-12825)
Affected Packages:
libcroco
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libcroco to update your system.
New Packages:
aarch64:
libcroco-0.6.12-6.amzn2.aarch64
libcroco-devel-0.6.12-6.amzn2.aarch64
libcroco-debuginfo-0.6.12-6.amzn2.aarch64
i686:
libcroco-0.6.12-6.amzn2.i686
libcroco-devel-0.6.12-6.amzn2.i686
libcroco-debuginfo-0.6.12-6.amzn2.i686
src:
libcroco-0.6.12-6.amzn2.src
x86_64:
libcroco-0.6.12-6.amzn2.x86_64
libcroco-devel-0.6.12-6.amzn2.x86_64
libcroco-debuginfo-0.6.12-6.amzn2.x86_64