This update for librsvg fixes the following issues:
Update to version 2.57.4 - bsc#1243867:
* CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not
produce any non-ASCII when decoded.
* RUSTSEC-2024-0404 - Unsoundness in anstream.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-243=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-243=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-243=1 openSUSE-SLE-15.6-2026-243=1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.3.1
* librsvg-debugsource-2.57.4-150600.3.3.1
* librsvg-2-2-2.57.4-150600.3.3.1
* librsvg-2-2-debuginfo-2.57.4-150600.3.3.1
* gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* librsvg-debugsource-2.57.4-150600.3.3.1
* librsvg-devel-2.57.4-150600.3.3.1
* typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1
* gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.3.1
* rsvg-convert-2.57.4-150600.3.3.1
* librsvg-debugsource-2.57.4-150600.3.3.1
* librsvg-devel-2.57.4-150600.3.3.1
* librsvg-2-2-2.57.4-150600.3.3.1
* librsvg-2-2-debuginfo-2.57.4-150600.3.3.1
* gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1
* rsvg-convert-debuginfo-2.57.4-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* librsvg-2-2-32bit-2.57.4-150600.3.3.1
*...
Read the Full Advisory* bsc#1243867
## References:
* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243867
Get the latest Linux and open source security news straight to your inbox.