Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0036
cairo security update
6 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: cairo
Publisher: Debian
Operating System: Debian GNU/Linux
Linux variants
Impact/Access: Denial of Service -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35492
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2518
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running cairo check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2518-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
January 06, 2021 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------
Package : cairo
Version : 1.14.8-1+deb9u1
CVE ID : CVE-2020-35492
Debian Bug : 978658
LibreOffice slideshow aborts with stack smashing in cairo
composite_boxes.
For Debian 9 stretch, this problem has been fixed in version
1.14.8-1+deb9u1.
We recommend that you upgrade your cairo packages.
For the detailed security status of cairo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cairo
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/0v2EACgkQgj6WdgbD
S5a7Lw//bS1OvPrb34D605P82jvPoI9fOmSnuDRW+KNyv64hT7auWPZmzlg8OmH+
GfMfIheaRAsDzz0rNCgK8x1jAAhW/1+d0Ixql2xreSwN37BTTPIjg5jqfmj3UqDh
B1TMtYIJhAKoWU/yx+trRLFQhQQ9VZOG18HxSqRldXhbW/kXoaQ8m0NE9JaYvlzF
GEXBhHlRgkO89efk358XM0l4HeOO+qGCcnLtlKdvaLnSjRPsuNnszaPTdQ89r+em
cf1t9RFMRucmz5/44YbBTUJSbK2DoH06byAYlbOFMlKMoBNM7xXLRRKSZFsrpTlY
SMJOcY6GP2T88MitiVrWJT8PmRDGCHVm7BLYUoBvWOGMLxMmDTjuxtnFTPTKB7ew
cUq5KN+MENedcbSheXz7m27ncUWg3IFoX7vS5vIIL4ZfOK1W3wVf4braJ09Yghi4
s02mECKrhNnDlz/Y4EnYDhzrMM5SlNe6nABEPFmWNIV+4O5nSWsO/FAOeqKniBFf
DuW8d7qahun2SsOfMX48avCf2pc/h25tLxg91UzWiSD4U0/WVXhP7HLnuwOUrY6V
cWx7VR0npPmYZevmIAVke7RNaS62O8mCxEXFY2b6E9ti4CRZDrbmAiT9ID6gwgyf
1U6FVgHKhXfAChJIpV0boYvm7AdvDVcTH2Gc9ZehsqZF2cSuWr4=3D
=3DSZPT
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX/UHw+NLKJtyKPYoAQhz2hAAm5FgVZlKC4ttsGvbEz/5B6Cd+6yZhash
HfVPa9N8EpSsMAl+Cwt2dWClAC3HcXFXE5NGaL2SJfRUstQpjWXVwWV5Zw4AbR+P
MVqOVjbYLr69+z9ZGdTv7OwblOXKNrBTgFFdGQwWDCDZqzcEMyidKdPf1FPO5mnS
47NUGavTxT0HIw9sXC77GkPvnPBHXU+gC4z3v42FYzn2iWWDLHOx+agxHDAQaS3C
u3JjpJsliKYqo4flCmQlalRiXa49yI8Htt8ZwTTA163oobFcI/DICOPfMsKNiVVy
B5ZDcYG/Bx7WnXG+ugdG004mBbC1nVVKBPPkCYB5kNg447CLgLDspAspSJ2vmzcI
+d3w9PmUOO5n3wfS08SsypJX3K1Z53Q6ltZYXHTtzIrKnxGJ5RhqfJSxTQgITc6L
p4TbAUEvTgsGR1jkM8S7aV2bOjtYyiqHCwQmgwdL+vExJaKnchAip5aXy9V+UNOY
MvgC9UDEWRutwyvXr4mlq9KFHPsA1Bu1jdIAXcFZtkhETiV1/u7QokfAamvFk2d/
jJJW+uAItERWfnu1N+39+ioWvzivTxZ4781vm4/9BVIP33ey1jRdxuPaxf398beq
RXE0Tdfqd68pRfVyAn4blsEii5WRnd2WYTTN6pz4XTIIW+ipRDHNJ4Y+hI9VmmkK
jWmz26xr8bk=
=U+9g
-----END PGP SIGNATURE-----