Advisories » MGASA-2020-0159

Updated librsvg packages fix security vulnerability

Publication date: 05 Apr 2020
Modification date: 05 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20446

Description

The updated packages fix a security vulnerability:

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested
patterns can cause denial of service when passed to the library for
processing. The attacker constructs pattern elements so that the number
of final rendered objects grows exponentially. (CVE-2019-20446)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26313
• http://lists.suse.com/pipermail/sle-security-updates/2020-March/006583.html
• https://lists.opensuse.org/opensuse-updates/2020-03/msg00080.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446

SRPMS

7/core

• librsvg-2.45.5-3.1.mga7