Lucene search
UbuntuUSN-4436-2HistoryJul 29, 2020 - 12:00 a.m.
librsvg regression
2020-07-2900:00:00
ubuntu.com
46
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- librsvg - renderer library for SVG files
Details
USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a
regression when parsing certain SVG files. This update backs out the fix
pending further investigation.
Original advisory details:
It was discovered that librsvg incorrectly handled parsing certain SVG
files. A remote attacker could possibly use this issue to cause librsvg to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG
files with nested patterns. A remote attacker could possibly use this issue
to cause librsvg to consume resources and crash, resulting in a denial of
service. (CVE-2019-20446)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | librsvg2-2 | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | gir1.2-rsvg-2.0 | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-2-dbgsym | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-bin | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-bin-dbgsym | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-common | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-common-dbgsym | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-dev | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 18.04 | noarch | librsvg2-doc | < 2.40.20-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | librsvg2-2 | < 2.40.13-3ubuntu0.2 | UNKNOWN |
References
Related
nessus
nessus
Debian DLA-2285-1 : librsvg security update
2020-07-23 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : librsvg regression (USN-4436-2)
2020-07-30 00:00:00
RHEL 5 : librsvg (Unpatched Vulnerability)
2024-05-11 00:00:00
cloudfoundry
cloudfoundry
USN-4436-1: librsvg vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
USN-4436-2: librsvg regression | Cloud Foundry
2020-08-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4436-2)
2020-07-30 00:00:00
Ubuntu: Security Advisory (USN-4436-1)
2020-07-28 00:00:00
Debian: Security Advisory (DLA-2285-1)
2020-07-23 00:00:00
ubuntu
ubuntu
librsvg vulnerabilities
2020-07-27 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: librsvg2-2.40.18-1.fc25
2017-07-25 00:30:14
[SECURITY] Fedora 26 Update: librsvg2-2.40.18-1.fc26
2017-07-24 19:25:41
[SECURITY] Fedora 25 Update: mingw-librsvg2-2.40.18-1.fc25
2017-07-28 20:51:01
osv
osv
CVE-2017-11464
2017-07-19 21:29:00
Moderate: librsvg2 security update
2020-11-03 12:29:09
Moderate: librsvg2 security update
2020-11-03 12:29:09
ubuntucve
ubuntucve
CVE-2017-11464
2017-07-19 00:00:00
CVE-2019-20446
2020-02-02 00:00:00
redhatcve
redhatcve
CVE-2017-11464
2017-07-24 14:18:51
CVE-2019-20446
2020-02-03 14:18:18
cvelist
cvelist
CVE-2017-11464
2017-07-19 21:00:00
CVE-2019-20446
2020-02-02 00:00:00
debiancve
debiancve
CVE-2017-11464
2017-07-19 21:29:00
CVE-2019-20446
2020-02-02 14:15:10
prion
prion
Design/Logic Flaw
2017-07-19 21:29:00
Design/Logic Flaw
2020-02-02 14:15:00
cve
cve
CVE-2017-11464
2017-07-19 21:29:00
CVE-2019-20446
2020-02-02 14:15:10
mageia
mageia
Updated librsvg packages fix security vulnerability
2017-08-08 01:16:24
Updated librsvg packages fix security vulnerability
2020-04-05 20:07:15
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:18:39
redhat
redhat
(RHSA-2020:4709) Moderate: librsvg2 security update
2020-11-03 12:29:09
oraclelinux
oraclelinux
librsvg2 security update
2020-11-10 00:00:00
freebsd
freebsd
librsvg2 -- multiple vulnerabilities
2020-02-26 00:00:00
alpinelinux
alpinelinux
CVE-2019-20446
2020-02-02 14:15:10
almalinux
almalinux
Moderate: librsvg2 security update
2020-11-03 12:29:09
rocky
rocky
librsvg2 security update
2020-11-03 12:29:09