Security update for libcroco
This update for libcroco fixes the following issues:
Security issues fixed:
- CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481).
- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482).
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Michael Gorse (mgorse)
Fixed bugs
bnc#1043898
VUL-1: CVE-2017-8834: libcroco: Denial of service (memory allocation error) via a crafted CSS file.
bnc#1043899
VUL-1: CVE-2017-8871: libcroco: Denial of service (infinite loop and CPU consumption) via a crafted CSS file
bnc#1034481
VUL-1: CVE-2017-7960: libcroco: heap overflow (input: check end of input before reading a byte)
bnc#1034482
VUL-1: CVE-2017-7961: libcroco: undefined behavior (tknzr: support only max long rgb values)
