Ubuntu alert USN-8140-1 (cairo)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8140-1] Cairo vulnerabilities | |
| Date: | Thu, 02 Apr 2026 19:07:14 +0000 | |
| Message-ID: | <E1w8NNq-0008BJ-Vm@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8140-1 April 02, 2026 cairo vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Cairo. Software Description: - cairo: Cairo 2D vector graphics library performance utilities Details: Alberto Garcia, Francisco Oca and Suleman Ali discovered that Cairo did not properly manage memory. An attacker could possibly use this issue to cause Cairo to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2017-9814) It was discovered that Cairo incorrectly handled certain angle values when drawing arcs. An attacker could possibly use this issue to cause Cairo to crash, resulting in a denial of service. (CVE-2019-6461) It was discovered that Cairo incorrectly handled certain calculations when drawing arcs. An attacker could possibly use this issue to cause Cairo to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2019-6462) Stephan Bergmann discovered that Cairo incorrectly managed memory during image composition. An attacker could use this issue to cause Cairo to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35492) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS cairo-perf-utils 1.16.0-5ubuntu2.1 libcairo2 1.16.0-5ubuntu2.1 Ubuntu 20.04 LTS cairo-perf-utils 1.16.0-4ubuntu1+esm1 Available with Ubuntu Pro libcairo2 1.16.0-4ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS cairo-perf-utils 1.15.10-2ubuntu0.1+esm1 Available with Ubuntu Pro libcairo2 1.15.10-2ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS cairo-perf-utils 1.14.6-1ubuntu0.1~esm2 Available with Ubuntu Pro libcairo2 1.14.6-1ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8140-1 CVE-2017-9814, CVE-2019-6461, CVE-2019-6462, CVE-2020-35492 Package Information: https://launchpad.net/ubuntu/+source/cairo/1.16.0-5ubuntu2.1
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnOvkwACgkQcpJm3tlz hgFushAAwS10XW2e1f1514IwRmG0ZwHzEBqEk+yZXqPvJ+uypsSjX3aZGdj/+Sg3 vpq5klyxDqjmP/zXt6sJu2Ia1711/x3VdZ/3VtDLzo+dLzefRL3n5P98aX8RXreX 6fYGGvKumkyV7jJgNluFf7YYjY+nN09oE6fob8TvlYJNE8j6IsBRdoBy/wMwSaYy xAblWphxnGWTdOYEEYkaKMAHmkiDcu6hF4u4Xc7hX1P1Z4nQZby/NcirCPSx96RI //eU5lf1nGT2kUawFdddUPHNsbiE9vBsNUh2iMMHYbUha0V6PcmyxmY7YabXYk6r 6NJACTLJSpviiJJKg1frkeH9qKCD4AIPyowQum9R3PypbqkGocm94Bzv4x0DjTiF 9HKc9E2Pqnk0j55N+MItlMTfUjUyvn0V63I3A3+G8LyomrPh0kd3UVSqcW78RyK+ nlNlZ8EamloPp9hsHYOLtFL/mz08r9sRmYbSoY3Ha7574ULr1KuhjSxHkYyRxXoY HDQLcwWhxDCiAdkYIZL5su3V0f537xKe/5RbwqrvqSVDiB7oBtP7BjYqp8t3gRDS 0ZGy0mE+UjUDhotz5/oWUWVFN7hjRP7p65KnHAcbGr0ps9lUjL/JftaGG8S9vWL6 CFAZ/C4Kx9rq6lXsQYKxheF7Co8q/bTQfA+sFbf00StKCpNR6TU= =nXg0 -----END PGP SIGNATURE-----