Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2021:0810-1 Important: glibc Security Patch Release

suse
Calendar Grey July 7, 2020
Dist Suse Esm H88
SUSE Security Patch addresses significant vulnerabilities in libxml2. Examine the specifics and implement required updates without delay.
An update that fixes one vulnerability is now available

Summary

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in malicious SVGs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE Linux Enterprise librsvg

References

#1162501

Cross- CVE-2019-20446

Affected Products:

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1

https://www.suse.com/security/cve/CVE-2019-20446.html

https://bugzilla.suse.com/1162501

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0629-2
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate denial of service SUSE Linux Enterprise librsvg

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here