Description
Security update for librsvg
This update for librsvg fixes the following issues:
Update to version 2.57.4 - bsc#1243867:
- CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded.
- RUSTSEC-2024-0404 - Unsoundness in anstream.
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP7
gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1
librsvg-2-2-2.57.4-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
librsvg-devel-2.57.4-150600.3.3.1
typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1
openSUSE Leap 15.6
gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1
gdk-pixbuf-loader-rsvg-32bit-2.57.4-150600.3.3.1
librsvg-2-2-2.57.4-150600.3.3.1
librsvg-2-2-32bit-2.57.4-150600.3.3.1
librsvg-devel-2.57.4-150600.3.3.1
rsvg-convert-2.57.4-150600.3.3.1
rsvg-thumbnailer-2.57.4-150600.3.3.1
typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1
References
- Link for SUSE-SU-2026:0243-1
- E-Mail link for SUSE-SU-2026:0243-1
- SUSE Security Ratings
- SUSE Bug 1243867
- SUSE CVE CVE-2024-12224 page
Description
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
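A defensive check for the condition described above, as an added example that is not part of the SUSE advisory or of the idna crate: it flags "xn--" labels whose Punycode payload decodes to ASCII-only text, using Python's built-in punycode codec. The function names are hypothetical and the hostnames are constructed samples.

```python
# Added example: detect "xn--" labels that decode to ASCII-only text, i.e. labels
# that a lenient IDNA decoder would treat as equal to a plain ASCII label.

def ascii_only_punycode_labels(hostname):
    """Return (label, decoded) for each xn-- label that decodes to pure ASCII."""
    flagged = []
    for label in hostname.lower().rstrip(".").split("."):
        if not label.startswith("xn--"):
            continue
        try:
            decoded = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            continue  # malformed Punycode is a separate validation failure
        if decoded.isascii():
            flagged.append((label, decoded))
    return flagged


def unmasked(hostname):
    """Hostname with ASCII-only Punycode labels replaced by their decoded form,
    showing which plain name a lenient decoder would consider equivalent."""
    masks = dict(ascii_only_punycode_labels(hostname))
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(masks.get(label, label) for label in labels)


# Constructed sample hostnames (not taken from the advisory).
SAMPLES = [
    "example.org",        # plain ASCII, nothing to flag
    "xn--mnchen-3ya.de",  # legitimate IDN label, decodes to non-ASCII text
    "xn--example-.org",   # payload decodes to plain "example": reject
]

if __name__ == "__main__":
    for host in SAMPLES:
        hits = ascii_only_punycode_labels(host)
        if hits:
            print(f"REJECT {host}: equivalent to {unmasked(host)}")
        else:
            print(f"ok     {host}")
```

Running the check at every point where hostnames are compared (allow lists, certificate name matching, origin checks) keeps components that decode Punycode differently from disagreeing about which host a name refers to.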
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP7:gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:librsvg-2-2-2.57.4-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:librsvg-devel-2.57.4-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1
References
- CVE-2024-12224
- SUSE Bug 1243848