Description
Security update for librsvg
This update for librsvg fixes the following issues:
librsvg was updated to version 2.52.10:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
Package list
Image SLES15-SP4-SAP-Azure-LI-BYOS
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
SUSE Linux Enterprise Micro 5.3
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
SUSE Linux Enterprise Micro 5.4
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
librsvg-devel-2.52.10-150400.3.6.1
typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
librsvg-devel-2.52.10-150400.3.6.1
typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1
openSUSE Leap 15.4
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
gdk-pixbuf-loader-rsvg-32bit-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
librsvg-2-2-32bit-2.52.10-150400.3.6.1
librsvg-devel-2.52.10-150400.3.6.1
rsvg-convert-2.52.10-150400.3.6.1
rsvg-thumbnailer-2.52.10-150400.3.6.1
typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1
openSUSE Leap 15.5
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
gdk-pixbuf-loader-rsvg-32bit-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
librsvg-2-2-32bit-2.52.10-150400.3.6.1
librsvg-devel-2.52.10-150400.3.6.1
rsvg-convert-2.52.10-150400.3.6.1
rsvg-thumbnailer-2.52.10-150400.3.6.1
typelib-1_0-Rsvg-2_0-2.52.10-150400.3.6.1
openSUSE Leap Micro 5.3
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
openSUSE Leap Micro 5.4
gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
librsvg-2-2-2.52.10-150400.3.6.1
References
- Link for SUSE-SU-2023:3021-1
- E-Mail link for SUSE-SU-2023:3021-1
- SUSE Security Ratings
- SUSE Bug 1213502
- SUSE CVE CVE-2023-38633 page
Description
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Affected products
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:librsvg-2-2-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS:gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS:librsvg-2-2-2.52.10-150400.3.6.1
References
- CVE-2023-38633
- SUSE Bug 1213502