Amazon Linux 1 Security Advisory: ALAS-2020-1392
Advisory Release Date: 2020-07-14 01:48 Pacific
Advisory Updated Date: 2020-07-15 17:35 Pacific
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. (CVE-2016-3190)
Affected Packages:
cairo
Issue Correction:
Run yum update cairo to update your system.
i686:
cairo-gobject-1.12.14-6.9.amzn1.i686
cairo-1.12.14-6.9.amzn1.i686
cairo-gobject-devel-1.12.14-6.9.amzn1.i686
cairo-tools-1.12.14-6.9.amzn1.i686
cairo-devel-1.12.14-6.9.amzn1.i686
cairo-debuginfo-1.12.14-6.9.amzn1.i686
src:
cairo-1.12.14-6.9.amzn1.src
x86_64:
cairo-gobject-1.12.14-6.9.amzn1.x86_64
cairo-debuginfo-1.12.14-6.9.amzn1.x86_64
cairo-1.12.14-6.9.amzn1.x86_64
cairo-devel-1.12.14-6.9.amzn1.x86_64
cairo-tools-1.12.14-6.9.amzn1.x86_64
cairo-gobject-devel-1.12.14-6.9.amzn1.x86_64
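
To confirm the update landed across a fleet, the following added example (not part of the advisory) checks `rpm -qa`-style package strings against the fixed version-release 1.12.14-6.9.amzn1 listed above. It assumes name-version-release.arch strings with no epoch and uses a simplified RPM version comparison that ignores `~` and `^`; the sample inventory is constructed.

```python
import re

# Fixed version-release and package names, taken from the advisory's package list.
FIXED = ("1.12.14", "6.9.amzn1")
PACKAGES = {"cairo", "cairo-gobject", "cairo-gobject-devel",
            "cairo-tools", "cairo-devel", "cairo-debuginfo"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits / letters left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(s):
    """Split 'name-version-release.arch' into its parts; None if malformed."""
    try:
        nvr, arch = s.strip().rsplit(".", 1)
        name, version, release = nvr.rsplit("-", 2)
    except ValueError:
        return None
    return name, version, release, arch

def needs_update(nvra):
    """True if this is one of the advisory's packages and older than the fix."""
    parsed = parse_nvra(nvra)
    if parsed is None or parsed[0] not in PACKAGES:
        return False
    _, version, release, _ = parsed
    return (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) < 0

def audit(lines):
    return [l for l in lines if needs_update(l)]

# Constructed inventory: one older build, one at the fix, one newer, one unrelated.
SAMPLE = ["cairo-1.12.14-6.7.amzn1.x86_64", "cairo-devel-1.12.14-6.9.amzn1.x86_64",
          "cairo-gobject-1.12.14-6.10.amzn1.i686", "zlib-1.2.8-7.18.amzn1.x86_64"]

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", pkg)
```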