Oval Definition:oval:org.opensuse.security:def:88987
Revision Date:2020-03-06Version:1
Title:Security update for librsvg (Moderate)
Description:

This update for librsvg to version 2.40.21 fixes the following issues:

librsvg was updated to version 2.40.21 fixing the following issues:

- CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs.
Family:unixClass:patch
Status:Reference(s):1162501
CVE-2019-20446
SUSE-SU-2020:0604-1
Platform(s):SUSE Linux Enterprise Server 12 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gdk-pixbuf-loader-rsvg-2.40.21-5.9.1 is installed
  • OR librsvg-2-2-2.40.21-5.9.1 is installed
  • OR librsvg-2-2-32bit-2.40.21-5.9.1 is installed
  • OR rsvg-view-2.40.21-5.9.1 is installed
    • BACK