You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke librsvg

Sigurnosni nedostaci programske biblioteke librsvg

==========================================================================
Ubuntu Security Notice USN-4436-2
July 29, 2020

librsvg regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-4436-1 introduced a regression in librsvg.

Software Description:
– librsvg: renderer library for SVG files

Details:

USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a
regression when parsing certain SVG files. This update backs out the fix
pending further investigation.

Original advisory details:

It was discovered that librsvg incorrectly handled parsing certain SVG
files. A remote attacker could possibly use this issue to cause librsvg to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG
files with nested patterns. A remote attacker could possibly use this issue
to cause librsvg to consume resources and crash, resulting in a denial of
service. (CVE-2019-20446)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
librsvg2-2 2.40.20-2ubuntu0.2

Ubuntu 16.04 LTS:
librsvg2-2 2.40.13-3ubuntu0.2

After a standard system update you need to restart your session to make all
the necessary changes.

References:
https://usn.ubuntu.com/4436-2
https://usn.ubuntu.com/4436-1
https://launchpad.net/bugs/1889206

Package Information:
https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.2
https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8hkFMACgkQZWnYVadE
vpPavw/+M6nzWtgIIA87swK/H3kXZBIXszyus40On8+eM0uonBZRnLp1zF0UoC05
bkQHWoTu8VkVTSWgHgIMDiv9QoXJrNuC7d6VZvLpQR47WaSoaB+WsJQZ9czp+MGQ
vrAkju0tnnHFkYfuOOSKMNrDxMvfFCLGN7v310nsNBr16G0CkrXvEqQIobqZMo+M
1hbseMzzXxJTnDpHGgezx5t4TFwUl0DvNKecwamFW0SVQxwIPhkBJKTQKwlLRxDm
bs15/4Rj53SrDGR/4coBnTMXydhX4wCKnWrGAKUumZ6a/Kdd8xWpwuLCd8EsgWf7
i1bmAI4sKn+r1UD10c5duqrew9aM2aw8RskUSV51gV60YDQ5vS5fysWaZtgHxlss
MdQ69EI/oF4N2+H6cQTw/1OAkBQIlsXX3/ig1csFXQvL9/YfIt5+2ucB0ZU17LLY
PABaYaLe/tRT8FdeLv9Sf/Zzy8jKUqIeYHve4glzgaaUedBr1xAyQJm5eSKjpoaY
uAXcXL7yVJcSy4yLOMxL2YopvmvnKJ1yA2RbK+V+Q89ECyl16X8p2C8EBtOVMoaC
JDsn9M/RfWHbR+ioFM9vSIoCdMmW1UbMKkU1zMMfHGv6+ECLw9fL2GvomPMvkmDG
zX9yYjBY8Ois/aDP5cH3IgYiuKNTXu+gw4zR0o3loh2Aa/4JrIs=
=dnE9
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Tomcat

Otkriveni su sigurnosni nedostaci u programskom paketu Tomcat za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close