Sicherheit: Zwei Probleme in librsvg (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5389710810820216078==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="S76ssYaMXn4mZNUAvg7uVLG3IfhpQiHl8"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--S76ssYaMXn4mZNUAvg7uVLG3IfhpQiHl8
Content-Type: multipart/mixed;
boundary="bIF6eQzRgtUxcMpAbOxng7pqW1PJ7XSTp"

--bIF6eQzRgtUxcMpAbOxng7pqW1PJ7XSTp
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4436-2
July 29, 2020

librsvg regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4436-1 introduced a regression in librsvg.

Software Description:
- librsvg: renderer library for SVG files

Details:

USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a
regression when parsing certain SVG files. This update backs out the fix
pending further investigation.

Original advisory details:

It was discovered that librsvg incorrectly handled parsing certain SVG
files. A remote attacker could possibly use this issue to cause librsvg to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG
files with nested patterns. A remote attacker could possibly use this issue
to cause librsvg to consume resources and crash, resulting in a denial of
service. (CVE-2019-20446)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
librsvg2-2 2.40.20-2ubuntu0.2

Ubuntu 16.04 LTS:
librsvg2-2 2.40.13-3ubuntu0.2

After a standard system update you need to restart your session to make all
the necessary changes.

References:
https://usn.ubuntu.com/4436-2
https://usn.ubuntu.com/4436-1
https://launchpad.net/bugs/1889206

Package Information:
https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.2
https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.2

--bIF6eQzRgtUxcMpAbOxng7pqW1PJ7XSTp--

--S76ssYaMXn4mZNUAvg7uVLG3IfhpQiHl8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8hkFMACgkQZWnYVadE
vpPavw/+M6nzWtgIIA87swK/H3kXZBIXszyus40On8+eM0uonBZRnLp1zF0UoC05
bkQHWoTu8VkVTSWgHgIMDiv9QoXJrNuC7d6VZvLpQR47WaSoaB+WsJQZ9czp+MGQ
vrAkju0tnnHFkYfuOOSKMNrDxMvfFCLGN7v310nsNBr16G0CkrXvEqQIobqZMo+M
1hbseMzzXxJTnDpHGgezx5t4TFwUl0DvNKecwamFW0SVQxwIPhkBJKTQKwlLRxDm
bs15/4Rj53SrDGR/4coBnTMXydhX4wCKnWrGAKUumZ6a/Kdd8xWpwuLCd8EsgWf7
i1bmAI4sKn+r1UD10c5duqrew9aM2aw8RskUSV51gV60YDQ5vS5fysWaZtgHxlss
MdQ69EI/oF4N2+H6cQTw/1OAkBQIlsXX3/ig1csFXQvL9/YfIt5+2ucB0ZU17LLY
PABaYaLe/tRT8FdeLv9Sf/Zzy8jKUqIeYHve4glzgaaUedBr1xAyQJm5eSKjpoaY
uAXcXL7yVJcSy4yLOMxL2YopvmvnKJ1yA2RbK+V+Q89ECyl16X8p2C8EBtOVMoaC
JDsn9M/RfWHbR+ioFM9vSIoCdMmW1UbMKkU1zMMfHGv6+ECLw9fL2GvomPMvkmDG
zX9yYjBY8Ois/aDP5cH3IgYiuKNTXu+gw4zR0o3loh2Aa/4JrIs=
=dnE9
-----END PGP SIGNATURE-----

--S76ssYaMXn4mZNUAvg7uVLG3IfhpQiHl8--

--===============5389710810820216078==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5389710810820216078==--