You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke libcroco

Sigurnosni nedostatak programske biblioteke libcroco

by Marina Dimic Vugec - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libcroco security update
Advisory ID: RHSA-2020:3654-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3654
Issue date: 2020-09-08
CVE Names: CVE-2020-12825
=====================================================================

1. Summary:

An update for libcroco is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) – aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

The libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing
and manipulation library.

Security Fix(es):

* libcroco: Stack overflow in function cr_parser_parse_any_core in
cr-parser.c (CVE-2020-12825)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1835377 – CVE-2020-12825 libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
libcroco-0.6.12-4.el8_2.1.src.rpm

aarch64:
libcroco-0.6.12-4.el8_2.1.aarch64.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.aarch64.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.aarch64.rpm

ppc64le:
libcroco-0.6.12-4.el8_2.1.ppc64le.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.ppc64le.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.ppc64le.rpm

s390x:
libcroco-0.6.12-4.el8_2.1.s390x.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.s390x.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.s390x.rpm

x86_64:
libcroco-0.6.12-4.el8_2.1.i686.rpm
libcroco-0.6.12-4.el8_2.1.x86_64.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.i686.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.x86_64.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.i686.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
libcroco-debuginfo-0.6.12-4.el8_2.1.aarch64.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.aarch64.rpm
libcroco-devel-0.6.12-4.el8_2.1.aarch64.rpm

ppc64le:
libcroco-debuginfo-0.6.12-4.el8_2.1.ppc64le.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.ppc64le.rpm
libcroco-devel-0.6.12-4.el8_2.1.ppc64le.rpm

s390x:
libcroco-debuginfo-0.6.12-4.el8_2.1.s390x.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.s390x.rpm
libcroco-devel-0.6.12-4.el8_2.1.s390x.rpm

x86_64:
libcroco-debuginfo-0.6.12-4.el8_2.1.i686.rpm
libcroco-debuginfo-0.6.12-4.el8_2.1.x86_64.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.i686.rpm
libcroco-debugsource-0.6.12-4.el8_2.1.x86_64.rpm
libcroco-devel-0.6.12-4.el8_2.1.i686.rpm
libcroco-devel-0.6.12-4.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12825
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX1dUKtzjgjWX9erEAQh2KQ/9Etk1HNEDTv8fw06DVKfenuPKAPnTEpV6
+55ni+PN6WC9EzfcGuH4sik6MaTmN+8FZmmtM2R/8CQeiQYfHn6cfDuQmQpdAI+g
2KAqB9ks225Y1HI5fx/P7P0JK4ue8UG/8Wuivz0virFrutMd4Mw55OlRxE42EZq2
3c+bIs/OPVyr1mk57mhrHQWx988UXxyLaLhHVw9MrQRFyivsEGST2QGynjHM80EX
B6uhpiJio82BevDEPbygNyFwbCXD1rRbg/Na+W4kWV8sAWI5YBA5qfBaxb7A6jGX
8jjubWqiZaRxbOnoY6VwC1+zFBj9F53T5fdvTv1oU8EjMCBkXfYB5uDScZ7vBq5u
plV7XOiyjEVqcId7qrb6dFsuDo9nViXJ0grN5n3RcFXal1Y64hBbVvA8cRfECwdo
2UD9MvrCbOEEGX0nrhx6xG8O8wbSGkKT+JZZHAYDuKM1OTi42LxBj5vw/iNvaWEh
5C6XMqI3d8Kaujv1M6+UUnJaYvdV6fKgFkTU1IwiKaCS2DZu8BKOYjL+W/kTx1SZ
uhnNS/L1C6B4nb86cjK9lyzGEKL4Vn0mofiUgzqouChdkaWYqxz4ySYY7K95uqq7
FNvjd8j6YYW3b8/u47bZigOS+x0ZJb1NG6618bgBIGUqjeE6DzyrBIk/iQzQ9pZS
ROyv0V5Gdho=
=Y9FJ
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke librepo

Otkriven je sigurnosni nedostatak programske biblioteke librepo za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje 'directory traversal' napada....

Close