Description
Security update for librsvg
This update for librsvg fixes the following issues:
librsvg was updated to version 2.46.7:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
Package list
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
SUSE Enterprise Storage 7
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Enterprise Storage 7.1
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise Micro 5.2
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
SUSE Linux Enterprise Server 15 SP2-LTSS
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
librsvg-devel-2.46.7-150200.3.9.1
typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1
SUSE Manager Proxy 4.2
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
SUSE Manager Server 4.2
gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
librsvg-2-2-2.46.7-150200.3.9.1
References
- Link for SUSE-SU-2023:3208-1
- E-Mail link for SUSE-SU-2023:3208-1
- SUSE Security Ratings
- SUSE Bug 1213502
- SUSE CVE CVE-2023-38633 page
Description
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Affected products
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:librsvg-2-2-2.46.7-150200.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:librsvg-2-2-2.46.7-150200.3.9.1
References
- CVE-2023-38633
- SUSE Bug 1213502