ALAS-2014-272

Amazon Linux 1 Security Advisory: ALAS-2014-272
Advisory Release Date: 2014-01-14 15:56 Pacific
Advisory Updated Date: 2014-09-16 22:16 Pacific

Severity: Important

References: CVE-2013-6425 RHSA-2013-1869
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)

Affected Packages:

pixman

Issue Correction:
Run yum update pixman to update your system.

New Packages:

i686:
    pixman-0.26.2-5.10.amzn1.i686
    pixman-debuginfo-0.26.2-5.10.amzn1.i686
    pixman-devel-0.26.2-5.10.amzn1.i686

src:
    pixman-0.26.2-5.10.amzn1.src

x86_64:
    pixman-debuginfo-0.26.2-5.10.amzn1.x86_64
    pixman-0.26.2-5.10.amzn1.x86_64
    pixman-devel-0.26.2-5.10.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6425

Mitre: CVE-2013-6425