ALAS-2014-272


Amazon Linux AMI Security Advisory: ALAS-2014-272
Advisory Release Date: 2014-09-16 22:16 Pacific
Severity: Important

Issue Overview:

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425 )


Affected Packages:

pixman


Issue Correction:
Run yum update pixman to update your system.

New Packages:
i686:
    pixman-0.26.2-5.10.amzn1.i686
    pixman-debuginfo-0.26.2-5.10.amzn1.i686
    pixman-devel-0.26.2-5.10.amzn1.i686

src:
    pixman-0.26.2-5.10.amzn1.src

x86_64:
    pixman-debuginfo-0.26.2-5.10.amzn1.x86_64
    pixman-0.26.2-5.10.amzn1.x86_64
    pixman-devel-0.26.2-5.10.amzn1.x86_64