Ubuntu 4436-2: librsvg regression

    Date 29 Jul 2020
    Posted By LinuxSecurity Advisories
    USN-4436-1 introduced a regression in librsvg.
    ==========================================================================
    Ubuntu Security Notice USN-4436-2
    July 29, 2020
    
    librsvg regression
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    USN-4436-1 introduced a regression in librsvg.
    
    Software Description:
    - librsvg: renderer library for SVG files
    
    Details:
    
    USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a
    regression when parsing certain SVG files. This update backs out the fix
    pending further investigation.
    
    Original advisory details:
    
     It was discovered that librsvg incorrectly handled parsing certain SVG
     files. A remote attacker could possibly use this issue to cause librsvg to
     crash, resulting in a denial of service. This issue only affected Ubuntu
     16.04 LTS. (CVE-2017-11464)
    
     It was discovered that librsvg incorrectly handled parsing certain SVG
     files with nested patterns. A remote attacker could possibly use this issue
     to cause librsvg to consume resources and crash, resulting in a denial of
     service. (CVE-2019-20446)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 18.04 LTS:
      librsvg2-2                      2.40.20-2ubuntu0.2
    
    Ubuntu 16.04 LTS:
      librsvg2-2                      2.40.13-3ubuntu0.2
    
    After a standard system update you need to restart your session to make all
    the necessary changes.
    
    References:
      https://usn.ubuntu.com/4436-2
      https://usn.ubuntu.com/4436-1
      https://launchpad.net/bugs/1889206
    
    Package Information:
      https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.2
      https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.2
    
    
