[ALSA-2020:4709] Moderate: librsvg2 security update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fix(es): * librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 librsvg2-2.42.7-4.el8.aarch64.rpm 171d006652fc2ce59a2daeb732e128d9c8176ca59977f40dcc835bf3ca78b9c3
aarch64 librsvg2-devel-2.42.7-4.el8.aarch64.rpm a501bc5422aba30dbf38fa07dba6e67a8013eb699e6f17386d45d291cb3b092f
aarch64 librsvg2-tools-2.42.7-4.el8.aarch64.rpm af4d13aee384f1b920d92823bd0fc88fd2b20b2f3f88a874aa1200cd1660863f
i686 librsvg2-devel-2.42.7-4.el8.i686.rpm 7495fe48cc43665f10dd95933047cfafe06349ba7c340053ee1ad7453b442cb9
i686 librsvg2-2.42.7-4.el8.i686.rpm b42a3281f870c4f7543f40dd1eb2778a1d970474e4492a084d984b08f869006c
ppc64le librsvg2-tools-2.42.7-4.el8.ppc64le.rpm 0a47d932d91ef7dbeefda8aa35ec60b3fdede3538a98ada360b04ee7f08d2a9b
ppc64le librsvg2-2.42.7-4.el8.ppc64le.rpm 750945244ceb04348113a192682c74396a09ba2d847fe5438b982cbfd3b37e5c
ppc64le librsvg2-devel-2.42.7-4.el8.ppc64le.rpm c10fff387da6bd110e64fea364f4b331e543a8a705bc4ac59b5b50546538f43f
x86_64 librsvg2-tools-2.42.7-4.el8.x86_64.rpm 27b1e8f811c009051024b7bd88b436e7c94c5adfc882a792820dbd93b5e9ff5d
x86_64 librsvg2-2.42.7-4.el8.x86_64.rpm 5360efeeaee4899c1cd704d4712c7ea4e39c24591283a546e76560920dbc2a77
x86_64 librsvg2-devel-2.42.7-4.el8.x86_64.rpm b6421b647dae82fae37998c2bf395d1eb4f3434025d5817e5270f524917f2089
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.