==========================================================================
Ubuntu Security Notice USN-4436-1
July 27, 2020
librsvg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
librsvg could be made to crash if it opened a specially crafted file.
Software Description:
– librsvg: renderer library for SVG files
Details:
It was discovered that librsvg incorrectly handled parsing certain SVG
files. A remote attacker could possibly use this issue to cause librsvg to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG
files with nested patterns. A remote attacker could possibly use this issue
to cause librsvg to consume resources and crash, resulting in a denial of
service. (CVE-2019-20446)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
librsvg2-2 2.40.20-2ubuntu0.1
Ubuntu 16.04 LTS:
librsvg2-2 2.40.13-3ubuntu0.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://usn.ubuntu.com/4436-1
CVE-2017-11464, CVE-2019-20446
Package Information:
https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.1
https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8e9zgACgkQZWnYVadE
vpPX6g/9FcJinvhnHopxN/ZEKemtw8C0PAunQqT/shjEN6z3Gjt+/3T2DV1ljolJ
6CV+f1/fL+22805I5zJEuNdP4qGxgW6oSCv1kdBddykK+JGD+Br2W8Xb4eArkn7i
O7v6vtz3KLR27qq0TJnfAbytYZblEY35ObacCERjzaNMR9bZyU5Yg1fNOAQHD3lh
wB/nknlsgCQAq507m6VIVBB6bomYsdW3tuM340J1Z4hnEFAf0tde9BjccnGN2j55
SKG0slsNWMsD2W1LajhwwdsbsKeIbX0hvkZhuCVtzXf8cLd/KuzKeZ+3BjNbkqbW
6TgaFLySlG19/Yg7VcWz0ZKhyzR00ScjD4NgnI26xzTxHR2FuKBESOAalG6BkwXW
ygsZcsjkvkQl6+AggWlrfuxLWk7HBJ+/fnA73JTvZEdDkpCkg33SxnklKo2xnm4J
J3ij9cQJGRwvXCLpg8Rz/SUu5ynRKccxNny4jZCD2kHqVviOqLon3zS5MsDrx5ME
HNvZYMqsIoN9135Hx317itCfJ2h8VZJawpY44EG/P2Ip0MMsAFW34FgkBjlyIoPT
1SB16UoUoIxz6kn/61nsAUB/Af9JbSAje2agAOYlPqBxR7IQOx8xntJY75Qzi5a6
lEsdGfUej2eZe5o8htcMkU+M4qSoTmexZ1nuxo1/m9vzm/kVoHE=
=Wny6
—–END PGP SIGNATURE—–
—