Oval Definition:oval:org.opensuse.security:def:68596
Revision Date:2020-12-01Version:1
Title:Security update for librsvg (Moderate)
Description:

This update for librsvg to version 2.42.8 fixes the following issues:

librsvg was updated to version 2.42.8 fixing the following issues:

- CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs.
Family:unixClass:patch
Status:Reference(s):1132728
1132729
1132732
1132734
1134718
1162501
CVE-2019-10245
CVE-2019-20446
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
SUSE-SU-2019:1308-2
SUSE-SU-2020:0629-1
Platform(s):SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • librsvg-2.42.8-3.3 is installed
  • OR librsvg-devel-2.42.8-3.3 is installed
  • OR typelib-1_0-Rsvg-2_0-2.42.8-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-32bit-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-demo-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-devel-32bit-1.8.0_sr5.35-3.20 is installed
  • OR java-1_8_0-ibm-src-1.8.0_sr5.35-3.20 is installed
    • BACK