Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2020:0629-1 Moderate: librsvg Denial Of Service Fix

suse
Calendar Grey March 10, 2020
Dist Suse Esm H88
SUSE Security Patch for libxml2 addresses a significant risk with potential for system instability.
An update that fixes one vulnerability is now available

Summary

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in malicious SVGs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE Linux Enterprise librsvg

References

#1162501

Cross- CVE-2019-20446

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP1

https://www.suse.com/security/cve/CVE-2019-20446.html

https://bugzilla.suse.com/1162501

Announcement ID: SUSE-SU-2020:0629-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE Linux Enterprise librsvg

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here