libcroco-0.6.12-4.el8.1

エラータID: AXSA:2020-499:01

Release date: 
Wednesday, September 23, 2020 - 08:44
Subject: 
libcroco-0.6.12-4.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library.

Security Fix(es):

* libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12825
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libcroco-0.6.12-4.el8.1.src.rpm
    MD5: a57012dcafc96ba789577b2175089e7b
    SHA-256: a90919d55ecfbd6f14f7ca8e33717822e3c54223e54e9b93fe40858d4b57db25
    Size: 487.29 kB

Asianux Server 8 for x86_64
  1. libcroco-0.6.12-4.el8.1.x86_64.rpm
    MD5: 46b7017ac1224b59bdb31981f9d672d2
    SHA-256: f034818a30492b2556f67c5472f94c383dc541dcab82467dfa4cf998eec27b62
    Size: 111.95 kB
  2. libcroco-0.6.12-4.el8.1.i686.rpm
    MD5: 355b1c253b80797f0625a8d4f5a42da9
    SHA-256: 7aa7b7ef6402438a70c580e4c02aa85f24cd7a26cb300dca48dd5a57980a50f2
    Size: 119.73 kB