Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 8 articles for you...
172
security advisorydenial of serviceUbuntuUbuntu 20.04, 18.04, 14.04: USN-6958-1 Moderate: Libcroco DoS Issues
Several security issues were fixed in Libcroco.. ========================================================================== Ubuntu Security Notice USN-6958-1 August 13, 2024 libcroco vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Libcroco. Software Description: - libcroco: Cascading Style Sheet (CSS) parsing and manipulation toolkit Details: It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-7960) It was discovered that Libcroco was incorrectly handling invalid UTF-8 values when processing CSS files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-8834, CVE-2017-8871) It was discovered that Libcroco was incorrectly implementing recursion in one of its parsing functions, which could cause an infinite recursion loop and a stack overflow due to stack consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-12825) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libcroco-tools 0.6.13-1ubuntu0.1 libcroco3 0.6.13-1ubuntu0.1 Ubuntu 18.04 LTS libcroco-tools 0.6.12-2ubuntu0.1~esm1 Available with Ubuntu Pro libcroco3 0.6.12-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS libcroco-tools 0.6.8-2ubuntu1+esm1 Available with Ubuntu Pro libcroco3 0.6.8-2ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6958-1 CVE-2017-7960, CVE-2017-8834, CVE-2017-8871, CVE-2020-12825 Package Information: https://launchpad.net/ubuntu/+source/libcroco/0.6.13-1ubuntu0.1 . Multiple vulnerabilities within Libcroco have been addressed for Ubuntu versions 20.04, 18.04, and 14.04. Detailed update directives are provided.. Libcroco Update, Ubuntu Security, Buffer Overflow, CSS Toolkit. . LinuxSecurity.com Team
Aug 13, 2024
Ubuntu
100
security advisorycriticalSUSE Linux Enterprise ServerSUSE: 2023:0552-2 Important Update: Memory Fix for Libjpeg Issues
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3493-1 Rating: important References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3493=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3493=1 - SUSE Linux EnterpriseServer 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3493=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3493=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3493=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3493=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3493=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3493=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3493=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3493=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Serverfor SAP 15 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Enterprise Storage 6 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE CaaS Platform 4.0 (x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 . A significant patch has been released for SUSE addressing a looping problem in libcroco that impacts various systems.. SUSE Security Update, Libcroco Fix, CaaS Platform, Enterprise Storage, Patch Recommendation. . Severity: Important. LinuxSecurity.com Team
Oct 04, 2022
•Important
SuSE
100
security advisorypatchimportantSUSE: 2022:2909-1 Critical Update: Libcroco Recursion Issue Resolved
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2909-1 Rating: important References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2909=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2909=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2909=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2909=1 - SUSE LinuxEnterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2909=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2909=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2909=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2909=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE OpenStack Cloud 9 (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcroco-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 libcroco-devel-0.6.11-12.6.45 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 . A critical update from SUSE addresses a notable stack overflow vulnerability in libcroco across different operating systems.. SUSE Linux, Libcroco, Security Patch, Update Instructions. . Severity: Important. LinuxSecurity.com Team
Aug 26, 2022
•Important
SuSE
91
security advisorydenial of servicegentooGentoo: GLSA-202208-33 Normal: Gnome Shell Denial Of Service
A vulnerability has been found in libcroco which could result in denial of service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gnome Shell, gettext, libcroco: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #722752, #755848, #769998 ID: 202208-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been found in libcroco which could result in denial of service. Background ========= GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications. gettext contains the GNU locale utilities. libcroco is a standalone CSS2 parsing and manipulation library. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libcroco < 0.6.13 > = 0.6.13 2 gnome-base/gnome-shell < 3.36.7 > = 3.36.7 3 sys-devel/gettext < 0.21 > = 0.21 Description ========== The cr_parser_parse_any_core function in libcroco's cr-parser.c does not limit recursion, leading to a denial of service via a stack overflow when trying to parse crafted CSS. Gnome Shell and gettext bundle libcroco in their own sources and thus are potentially vulnerable as well. Impact ===== An attacker with control over the input to the library can cause a denial of service. Workaround ========= There is no known workaround at this time. Resolution ========= All gettext users should upgrade tothe latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-devel/gettext-0.21" All Gnome Shell users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =gnome-base/gnome-shell-3.36.7" All libcroco users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/libcroco-0.6.13" References ========= [ 1 ] CVE-2020-12825 https://nvd.nist.gov/vuln/detail/CVE-2020-12825 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-33 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Aug 20, 2022
Gentoo
202
security advisorymoderateopenSUSEopenSUSE Leap 15.2: 2021:1294-1 Moderate: Libcroco Recursion Fix
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1294-1 Rating: moderate References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1294=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libcroco-0.6.13-lp152.2.3.1 libcroco-0_6-3-0.6.13-lp152.2.3.1 libcroco-0_6-3-debuginfo-0.6.13-lp152.2.3.1 libcroco-debuginfo-0.6.13-lp152.2.3.1 libcroco-debugsource-0.6.13-lp152.2.3.1 libcroco-devel-0.6.13-lp152.2.3.1 - openSUSE Leap 15.2 (x86_64): libcroco-0_6-3-32bit-0.6.13-lp152.2.3.1 libcroco-0_6-3-32bit-debuginfo-0.6.13-lp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 . A recent update for libcroco tackles a significant vulnerability within openSUSE, fortifying the system's security via effective patch management.. libcroco security update, openSUSE leap security, moderaterisk patch. . LinuxSecurity.com Team
Sep 21, 2021
OpenSUSE
100
security advisoryupdatemoderate severitySUSE: 2021:14801-2 Low: Libxml2 XML Parsing Vulnerability Patch
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14800-1 Rating: moderate References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libcroco-14800=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libcroco-14800=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcroco-14800=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libcroco-14800=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libcroco-0_6-3-0.6.1-122.9.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libcroco-0_6-3-32bit-0.6.1-122.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libcroco-0_6-3-0.6.1-122.9.1 -SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libcroco-debuginfo-0.6.1-122.9.1 libcroco-debugsource-0.6.1-122.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libcroco-debuginfo-0.6.1-122.9.1 libcroco-debugsource-0.6.1-122.9.1 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 . SUSE issued a security patch for libcroco to resolve a moderate severity vulnerability impacting several of its offerings.. Libcroco Security Update,SUSE Linux Updates,Moderate Security Fix. . LinuxSecurity.com Team
Sep 16, 2021
SuSE
202
security advisorymoderateupdateopenSUSE: 2021:3123-1 Moderate Update for libcroco Recursion Issue
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:3123-1 Rating: moderate References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3123=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libcroco-0.6.13-3.3.1 libcroco-0_6-3-0.6.13-3.3.1 libcroco-0_6-3-debuginfo-0.6.13-3.3.1 libcroco-debuginfo-0.6.13-3.3.1 libcroco-debugsource-0.6.13-3.3.1 libcroco-devel-0.6.13-3.3.1 - openSUSE Leap 15.3 (x86_64): libcroco-0_6-3-32bit-0.6.13-3.3.1 libcroco-0_6-3-32bit-debuginfo-0.6.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 . openSUSE Security Patch for libcroco tackles a notable recursion vulnerability, enhancing both system reliability and security.. openSUSE Security Update, libcroco patch, recursion fix, update installation. . LinuxSecurity.com Team
Sep 16, 2021
OpenSUSE
203
security advisorymoderatesecurity issueMageia 7: 2021-0333 Moderate: libcroco Stack Consumption Issue
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption (CVE-2020-12825). References: - https://bugs.mageia.org/show_bug.cgi?id=27108 . MGASA-2021-0333 - Updated libcroco and gettext packages fix security vulnerability Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0333.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-12825 libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption (CVE-2020-12825). References: - https://bugs.mageia.org/show_bug.cgi?id=27108 - https://access.redhat.com/errata/RHSA-2020:4072 - https://gitlab.gnome.org/Archive/libcroco/-/issues/8 - https://www.cve.org/CVERecord?id=CVE-2020-12825 SRPMS: - 7/core/libcroco-0.6.13-1.2.mga7 - 7/core/gettext-0.19.8.1-4.1.mga7 . The latest versions of libcroco and gettext have resolved a significant stack overflow vulnerability on Mageia. Update today!. libcroco Security, Stack Consumption Issue, Mageia Security Update, gettext Fix. . LinuxSecurity.com Team
Jul 10, 2021
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!