Oval Definition:	oval:org.opensuse.security:def:126153
Revision Date: 2020-03-06 Version: 1 Title: Security update for librsvg (Moderate) Description: This update for librsvg to version 2.40.21 fixes the following issues: librsvg was updated to version 2.40.21 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. Family: unix Class: patch Status: Reference(s): 1162501 CVE-2019-20446 SUSE-SU-2020:0604-1 Platform(s): SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND Package Information librsvg-devel-2.40.21-5.9.1 is installed OR typelib-1_0-Rsvg-2_0-2.40.21-5.9.1 is installed
BACK