Advisories ยป MGASA-2016-0021

Updated librsvg packages fix security vulnerability

Publication date: 15 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7557 , CVE-2015-7558

Description

Out-of-bounds heap read in librsvg2 was found when parsing SVG file
(CVE-2015-7557).

Stack exhaustion due to cyclic dependency causing to crash an application
was found in librsvg2 while parsing SVG file (CVE-2015-7558).

The librsvg package has been updated to version 2.40.13, fixing these
issues and several other bugs.  See the upstream NEWS file for details.
                

References

SRPMS

5/core