ALAS-2020-1392


Amazon Linux AMI Security Advisory: ALAS-2020-1392
Advisory Release Date: 2020-07-14 01:48 Pacific
Advisory Updated Date: 2020-07-15 17:35 Pacific
Severity: Medium
References: CVE-2016-3190 

Issue Overview:

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. (CVE-2016-3190 )


Affected Packages:

cairo


Issue Correction:
Run yum update cairo to update your system.

New Packages:
i686:
    cairo-gobject-1.12.14-6.9.amzn1.i686
    cairo-1.12.14-6.9.amzn1.i686
    cairo-gobject-devel-1.12.14-6.9.amzn1.i686
    cairo-tools-1.12.14-6.9.amzn1.i686
    cairo-devel-1.12.14-6.9.amzn1.i686
    cairo-debuginfo-1.12.14-6.9.amzn1.i686

src:
    cairo-1.12.14-6.9.amzn1.src

x86_64:
    cairo-gobject-1.12.14-6.9.amzn1.x86_64
    cairo-debuginfo-1.12.14-6.9.amzn1.x86_64
    cairo-1.12.14-6.9.amzn1.x86_64
    cairo-devel-1.12.14-6.9.amzn1.x86_64
    cairo-tools-1.12.14-6.9.amzn1.x86_64
    cairo-gobject-devel-1.12.14-6.9.amzn1.x86_64