Security: Two problems in librsvg (update)
Name: Two problems in librsvg (update)
ID: USN-4436-2
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
Date: Wed, 29 July 2020, 23:09
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11464
Applications: libRSVG
Update of: Two problems in librsvg

Original message
==========================================================================
Ubuntu Security Notice USN-4436-2
July 29, 2020

librsvg regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4436-1 introduced a regression in librsvg.
Software Description:
- librsvg: renderer library for SVG files
Details:
USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation.
Original advisory details:
It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)

It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: librsvg2-2 2.40.20-2ubuntu0.2
Ubuntu 16.04 LTS: librsvg2-2 2.40.13-3ubuntu0.2
After a standard system update you need to restart your session to make all the necessary changes.
References:
https://usn.ubuntu.com/4436-2
https://usn.ubuntu.com/4436-1
https://launchpad.net/bugs/1889206

Package Information:
https://launchpad.net/ubuntu/+source/librsvg/2.40.20-2ubuntu0.2
https://launchpad.net/ubuntu/+source/librsvg/2.40.13-3ubuntu0.2