Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0036 cairo security update 6 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: cairo Publisher: Debian Operating System: Debian GNU/Linux Linux variants Impact/Access: Denial of Service -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-35492 Original Bulletin: https://www.debian.org/lts/security/2020/dla-2518 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running cairo check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2518-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta January 06, 2021 https://wiki.debian.org/LTS - - ----------------------------------------------------------------------- Package : cairo Version : 1.14.8-1+deb9u1 CVE ID : CVE-2020-35492 Debian Bug : 978658 LibreOffice slideshow aborts with stack smashing in cairo composite_boxes. For Debian 9 stretch, this problem has been fixed in version 1.14.8-1+deb9u1. We recommend that you upgrade your cairo packages. For the detailed security status of cairo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cairo Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/0v2EACgkQgj6WdgbD S5a7Lw//bS1OvPrb34D605P82jvPoI9fOmSnuDRW+KNyv64hT7auWPZmzlg8OmH+ GfMfIheaRAsDzz0rNCgK8x1jAAhW/1+d0Ixql2xreSwN37BTTPIjg5jqfmj3UqDh B1TMtYIJhAKoWU/yx+trRLFQhQQ9VZOG18HxSqRldXhbW/kXoaQ8m0NE9JaYvlzF GEXBhHlRgkO89efk358XM0l4HeOO+qGCcnLtlKdvaLnSjRPsuNnszaPTdQ89r+em cf1t9RFMRucmz5/44YbBTUJSbK2DoH06byAYlbOFMlKMoBNM7xXLRRKSZFsrpTlY SMJOcY6GP2T88MitiVrWJT8PmRDGCHVm7BLYUoBvWOGMLxMmDTjuxtnFTPTKB7ew cUq5KN+MENedcbSheXz7m27ncUWg3IFoX7vS5vIIL4ZfOK1W3wVf4braJ09Yghi4 s02mECKrhNnDlz/Y4EnYDhzrMM5SlNe6nABEPFmWNIV+4O5nSWsO/FAOeqKniBFf DuW8d7qahun2SsOfMX48avCf2pc/h25tLxg91UzWiSD4U0/WVXhP7HLnuwOUrY6V cWx7VR0npPmYZevmIAVke7RNaS62O8mCxEXFY2b6E9ti4CRZDrbmAiT9ID6gwgyf 1U6FVgHKhXfAChJIpV0boYvm7AdvDVcTH2Gc9ZehsqZF2cSuWr4=3D =3DSZPT - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX/UHw+NLKJtyKPYoAQhz2hAAm5FgVZlKC4ttsGvbEz/5B6Cd+6yZhash HfVPa9N8EpSsMAl+Cwt2dWClAC3HcXFXE5NGaL2SJfRUstQpjWXVwWV5Zw4AbR+P MVqOVjbYLr69+z9ZGdTv7OwblOXKNrBTgFFdGQwWDCDZqzcEMyidKdPf1FPO5mnS 47NUGavTxT0HIw9sXC77GkPvnPBHXU+gC4z3v42FYzn2iWWDLHOx+agxHDAQaS3C u3JjpJsliKYqo4flCmQlalRiXa49yI8Htt8ZwTTA163oobFcI/DICOPfMsKNiVVy B5ZDcYG/Bx7WnXG+ugdG004mBbC1nVVKBPPkCYB5kNg447CLgLDspAspSJ2vmzcI +d3w9PmUOO5n3wfS08SsypJX3K1Z53Q6ltZYXHTtzIrKnxGJ5RhqfJSxTQgITc6L p4TbAUEvTgsGR1jkM8S7aV2bOjtYyiqHCwQmgwdL+vExJaKnchAip5aXy9V+UNOY MvgC9UDEWRutwyvXr4mlq9KFHPsA1Bu1jdIAXcFZtkhETiV1/u7QokfAamvFk2d/ jJJW+uAItERWfnu1N+39+ioWvzivTxZ4781vm4/9BVIP33ey1jRdxuPaxf398beq RXE0Tdfqd68pRfVyAn4blsEii5WRnd2WYTTN6pz4XTIIW+ipRDHNJ4Y+hI9VmmkK jWmz26xr8bk= =U+9g -----END PGP SIGNATURE-----