Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2021-2095)

The remote host is missing an update for the Huawei EulerOS 'cairo' package(s) announced via the EulerOS-SA-2021-2095 advisory.

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.(CVE-2019-6462) An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.(CVE-2019-6461) Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.(CVE-2017-7475) A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow - out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35492)

'cairo' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).