
[ASA-201902-19] cairo: arbitrary code execution
Arch Linux Security Advisory ASA-201902-19
==========================================

Severity: Critical
Date    : 2019-02-17
CVE-ID  : CVE-2018-19876
Package : cairo
Type    : arbitrary code execution
Remote  : Yes
Link    :

Summary
=======

The package cairo before version 1.16.0-2 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 1.16.0-2.

# pacman -Syu "cairo>=1.16.0-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A memory-corruption issue has been found in cairo versions <= 1.16.0,
in the cairo_ft_apply_variations() function in cairo-ft-font.c. This
function frees memory using the wrong free function, leading to memory
corruption. As cairo is used by WebKitGTK+, among others, this could be
triggered by crafted web content in some cases.

Impact
======

A malicious remote user could execute arbitrary code by sending
specially crafted web content.
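The "wrong free function" defect class named in the Description, shown as an added example that is not part of the advisory and is not cairo or FreeType code. It goes beyond the advisory's wording by assuming a library with a pluggable memory manager; mem_mgr, lib_get_var, lib_done_var and the arena are hypothetical names.

```c
/* Added illustration of the bug class; all names are hypothetical, not cairo or FreeType source. */
#include <stdint.h>
#include <stdlib.h>

/* A library that lets the application plug in its own memory manager. */
typedef struct mem_mgr {
    void *(*alloc)(struct mem_mgr *, size_t);
    void  (*release)(struct mem_mgr *, void *);
    size_t live;                        /* objects handed out, not yet released */
} mem_mgr;

/* Custom manager: a bump arena, so its pointers never came from malloc(). */
static union { unsigned char bytes[4096]; long double align; } arena;
static size_t arena_used;

static void *arena_alloc(mem_mgr *m, size_t n) {
    n = (n + 15u) & ~(size_t)15u;       /* keep 16-byte alignment */
    if (n > sizeof arena.bytes - arena_used) return NULL;
    void *p = arena.bytes + arena_used;
    arena_used += n;
    m->live++;
    return p;
}
static void arena_release(mem_mgr *m, void *p) { if (p) m->live--; }

mem_mgr arena_mgr = { arena_alloc, arena_release, 0 };

/* Library API: objects are created and destroyed through the same manager. */
typedef struct { int axis_count; double coords[4]; } var_info;
var_info *lib_get_var(mem_mgr *m) {
    var_info *v = m->alloc(m, sizeof *v);
    if (v) v->axis_count = 4;
    return v;
}
void lib_done_var(mem_mgr *m, var_info *v) { m->release(m, v); }

/* 1 when p points into the arena: free(p) would hand the heap a foreign pointer. */
int owned_by_arena(const void *p) {
    uintptr_t a = (uintptr_t)arena.bytes, x = (uintptr_t)p;
    return x >= a && x < a + sizeof arena.bytes;
}

/* Caller: releasing v with free(v) is the bug; the paired call is the fix. */
size_t use_and_release(mem_mgr *m) {
    var_info *v = lib_get_var(m);
    if (!v) return (size_t)-1;
    lib_done_var(m, v);                 /* not free(v): v belongs to m */
    return m->live;                     /* 0 when nothing is left outstanding */
}
```

An object must be released through the deallocator paired with the allocator that produced it; review for this by tracing each free() call back to where the pointer was obtained.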