Lucene search
SuseOPENSUSE-SU-2020:0343-1HistoryMar 15, 2020 - 12:00 a.m.
Security update for librsvg (moderate)
2020-03-1500:00:00
lists.opensuse.org
100
EPSS
0.004
Percentile
73.4%
An update that fixes one vulnerability is now available.
Description:
This update for librsvg to version 2.42.8 fixes the following issues:
librsvg was updated to version 2.42.8 fixing the following issues:
- CVE-2019-20446: Fixed an issue where a crafted SVG file with nested
patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now
has limits on the number of loaded XML elements, and the number of
referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in <use> elements.
- Fixed a denial-of-service condition from exponential explosion
of rendered elements, through nested use of SVG “use” elements in
malicious SVGs.
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-343=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.1 | i586 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.i586.rpm | |
| openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.1 | noarch | < - openSUSE Leap 15.1 (noarch): | - openSUSE Leap 15.1 (noarch):.noarch.rpm |
Related
alpinelinux
alpinelinux
CVE-2019-20446
2020-02-02 14:15:10
nessus
nessus
NewStart CGSL MAIN 6.02 : librsvg2 Vulnerability (NS-SA-2021-0065)
2021-03-10 00:00:00
SUSE SLES12 Security Update : librsvg (SUSE-SU-2020:0604-1)
2020-03-09 00:00:00
Rocky Linux 8 : librsvg2 (RLSA-2020:4709)
2023-11-07 00:00:00
freebsd
freebsd
librsvg2 -- multiple vulnerabilities
2020-02-26 00:00:00
oraclelinux
oraclelinux
librsvg2 security update
2020-11-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0604-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for librsvg (openSUSE-SU-2020:0343-1)
2020-03-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0629-2)
2021-06-09 00:00:00
prion
prion
Design/Logic Flaw
2020-02-02 14:15:00
redhatcve
redhatcve
CVE-2019-20446
2020-02-03 14:18:18
rocky
rocky
librsvg2 security update
2020-11-03 12:29:09
cvelist
cvelist
CVE-2019-20446
2020-02-02 00:00:00
almalinux
almalinux
Moderate: librsvg2 security update
2020-11-03 12:29:09
debiancve
debiancve
CVE-2019-20446
2020-02-02 14:15:10
mageia
mageia
Updated librsvg packages fix security vulnerability
2020-04-05 20:07:15
osv
osv
Moderate: librsvg2 security update
2020-11-03 12:29:09
CVE-2019-20446
2020-02-02 14:15:10
Moderate: librsvg2 security update
2020-11-03 12:29:09
nvd
nvd
CVE-2019-20446
2020-02-02 14:15:10
ubuntucve
ubuntucve
CVE-2019-20446
2020-02-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:18:39
redhat
redhat
(RHSA-2020:4709) Moderate: librsvg2 security update
2020-11-03 12:29:09
cve
cve
CVE-2019-20446
2020-02-02 14:15:10
debian
debian
[SECURITY] [DLA 2285-1] librsvg security update
2020-07-22 11:06:01
ubuntu
ubuntu
librsvg vulnerabilities
2020-07-27 00:00:00
librsvg regression
2020-07-29 00:00:00
cloudfoundry
cloudfoundry
USN-4436-2: librsvg regression | Cloud Foundry
2020-08-27 00:00:00
USN-4436-1: librsvg vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: chromium-80.0.3987.132-1.fc31
2020-03-20 01:51:25
[SECURITY] Fedora 30 Update: chromium-80.0.3987.149-1.fc30
2020-03-27 10:46:23