Updated librsvg packages fix security vulnerability
Publication date: 15 Jan 2016
Modification date: 15 Jan 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-7557, CVE-2015-7558
Description
An out-of-bounds heap read was found in librsvg2 when parsing an SVG file (CVE-2015-7557). Stack exhaustion caused by a cyclic dependency, which crashes the application, was found in librsvg2 while parsing an SVG file (CVE-2015-7558). The librsvg package has been updated to version 2.40.13, fixing these issues and several other bugs. See the upstream NEWS file for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=17378
- https://git.gnome.org/browse/librsvg/tree/NEWS?id=a12e7b90e7b9fa6a6a325f39fb409722b06a6735
- http://openwall.com/lists/oss-security/2015/12/21/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7557
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7558
SRPMS
5/core
- librsvg-2.40.13-1.mga5