exploitDog

SUSE-SU-2020:0629-1

Опубликовано: 07 июл. 2020

Источник: suse-cvrf

Описание

Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues:

librsvg was updated to version 2.42.8 fixing the following issues:

CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document.
Fixed a stack exhaustion with circular references in elements.
Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs.

Список пакетов

Image SLES15-SAP-Azure-LI-BYOS-Production

gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

librsvg-2-2-2.42.8-3.3.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

librsvg-2-2-2.42.8-3.3.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

librsvg-2-2-2.42.8-3.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

librsvg-2-2-2.42.8-3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

librsvg-2-2-2.42.8-3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

librsvg-devel-2.42.8-3.3.1

typelib-1_0-Rsvg-2_0-2.42.8-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200629-1/
Link for SUSE-SU-2020:0629-1
https://lists.suse.com/pipermail/sle-security-updates/2020-March/006591.html
E-Mail link for SUSE-SU-2020:0629-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1162501
SUSE Bug 1162501
https://www.suse.com/security/cve/CVE-2019-20446/
SUSE CVE CVE-2019-20446 page

Описание

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Затронутые продукты

Image SLES15-SAP-Azure-LI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

Image SLES15-SAP-Azure-LI-BYOS-Production:librsvg-2-2-2.42.8-3.3.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.42.8-3.3.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:librsvg-2-2-2.42.8-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-20446.html
CVE-2019-20446
https://bugzilla.suse.com/1162501
SUSE Bug 1162501

Уязвимость SUSE-SU-2020:0629-1