You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke librsvg2

Sigurnosni nedostaci programske biblioteke librsvg2

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: librsvg2 security update
Advisory ID: RHSA-2020:4709-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4709
Issue date: 2020-11-03
CVE Names: CVE-2019-20446
=====================================================================

1. Summary:

An update for librsvg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

The librsvg2 packages provide a Scalable Vector Graphics (SVG) library
based on the libart library.

Security Fix(es):

* librsvg: Resource exhaustion via crafted SVG file with nested patterns
(CVE-2019-20446)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1797608 – CVE-2019-20446 librsvg: Resource exhaustion via crafted SVG file with nested patterns

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
librsvg2-2.42.7-4.el8.src.rpm

aarch64:
librsvg2-2.42.7-4.el8.aarch64.rpm
librsvg2-debuginfo-2.42.7-4.el8.aarch64.rpm
librsvg2-debugsource-2.42.7-4.el8.aarch64.rpm
librsvg2-devel-2.42.7-4.el8.aarch64.rpm
librsvg2-tools-2.42.7-4.el8.aarch64.rpm
librsvg2-tools-debuginfo-2.42.7-4.el8.aarch64.rpm

ppc64le:
librsvg2-2.42.7-4.el8.ppc64le.rpm
librsvg2-debuginfo-2.42.7-4.el8.ppc64le.rpm
librsvg2-debugsource-2.42.7-4.el8.ppc64le.rpm
librsvg2-devel-2.42.7-4.el8.ppc64le.rpm
librsvg2-tools-2.42.7-4.el8.ppc64le.rpm
librsvg2-tools-debuginfo-2.42.7-4.el8.ppc64le.rpm

s390x:
librsvg2-2.42.7-4.el8.s390x.rpm
librsvg2-debuginfo-2.42.7-4.el8.s390x.rpm
librsvg2-debugsource-2.42.7-4.el8.s390x.rpm
librsvg2-devel-2.42.7-4.el8.s390x.rpm
librsvg2-tools-2.42.7-4.el8.s390x.rpm
librsvg2-tools-debuginfo-2.42.7-4.el8.s390x.rpm

x86_64:
librsvg2-2.42.7-4.el8.i686.rpm
librsvg2-2.42.7-4.el8.x86_64.rpm
librsvg2-debuginfo-2.42.7-4.el8.i686.rpm
librsvg2-debuginfo-2.42.7-4.el8.x86_64.rpm
librsvg2-debugsource-2.42.7-4.el8.i686.rpm
librsvg2-debugsource-2.42.7-4.el8.x86_64.rpm
librsvg2-devel-2.42.7-4.el8.i686.rpm
librsvg2-devel-2.42.7-4.el8.x86_64.rpm
librsvg2-tools-2.42.7-4.el8.x86_64.rpm
librsvg2-tools-debuginfo-2.42.7-4.el8.i686.rpm
librsvg2-tools-debuginfo-2.42.7-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20446
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX6I459zjgjWX9erEAQjKdg//edLSxuHdabfPxe1TZHKEDZKW3U2si5jC
0zbcaN3SYWX24zl7S0/Oo2oefS6H/TzUZ1bT9/xFYOE7/SHV1b+MFR4UrPiBpwCd
D49pInShXrNiCd9I+J6SOaRPXlIBtx5sFt4nuSts8GrXRGwQVDwB6tD9KvQKTpl5
E467DEjvQmHBhYUoF3Z9ybevj8jLqNYZN4vFsa/SesOZsUNDbbr90UuxDJs4NpYu
BZ9/9lIAq5h0lg5RjRGSgcjXtzW2GUicdbYqN429TiZNKuY7lMwbVs7AUcu57G0h
BtSUq5YWiU+9bfdgc6m0YoBjTUmee0sqc8TnPd+ztnkstg6CEPVZpFjEaTLu29lu
BtDxMYZpqSbFvtgpFYBkP/UX9yoL21+3MOYF2Nn7lGMeg8TjlKxEAXivnw/Hde0d
l8/H/rwF2J2KEbtzQt+coGk1p0pEisGSZ0MEXmdBa6cWmqImMddGav4BB3/w5gyy
mfGx2Ysf+B3afeOxu37LekOZl/wl5ITQVxNQ6/4WlSMSwlnE+/e6CaSemu4SI5s1
najTH8xKSsg4/Ak0Ald7DrdHqmZeGsWVSQYbpeQd/EEV5SH4mZ1xv+ZevKOxc0r1
CCmBQPbjAQjhejnHFxzWVLQaGpgalm13yShWcBLFZhJGW+CpKGdDSV0QczOKZNsO
AJl/ISGiBI0=
=MLy/
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libxslt

Otkriven je sigurnosni nedostatak programske biblioteke libxslt za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izazivanje DoS stanja,...

Close