| Summary: | librsvg new security issue CVE-2019-20446 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, fri, herman.viaene, nicolas.salguero, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | librsvg-2.45.5-3.mga7.src.rpm | CVE: | CVE-2019-20446 |
| Status comment: | |||
|
Description
David Walser
2020-03-06 19:53:58 CET
No registered nor evident maintainer, so assigning globally. Assignee:
bugsquad =>
pkg-bugs
Morgan Leijström
2020-03-12 12:27:26 CET
CC:
(none) =>
fri openSUSE has issued an advisory for this on March 15: https://lists.opensuse.org/opensuse-updates/2020-03/msg00080.html Status comment:
(none) =>
Fixed upstream in 2.46.2, patch available from openSUSE Suggested advisory: ======================== The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. (CVE-2019-20446) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446 http://lists.suse.com/pipermail/sle-security-updates/2020-March/006583.html https://lists.opensuse.org/opensuse-updates/2020-03/msg00080.html ======================== Updated packages in core/updates_testing: ======================== librsvg-2.45.5-3.1.mga7 lib(64)rsvg2_2-2.45.5-3.1.mga7 lib(64)rsvg2-devel-2.45.5-3.1.mga7 lib(64)rsvg-gir2.0-2.45.5-3.1.mga7 from SRPMS: librsvg-2.45.5-3.1.mga7.src.rpm CC:
(none) =>
nicolas.salguero MGA7-64 Plasma on Lenovo B50 No installation issues. Loaded svg image from https://dev.w3.org/SVG/tools/svgweb/samples/svg-files/ Ref bug 23206 for testing. $ rsvg-view-3 tiger.svg opens in small window, resizing it shows nice image. Right click on the image and save as png. Resulting png displays OK in gwenview. $ rsvg-convert -f pdf -h 720 -w 512 -b '#ebafdc' tiger.svg -o $ rsvg-convert -f pdf -h 720 -w 720 -b '#ebafdc' tiger.svg -o tiger.pdf Gives pdf file, looks good in Okular. Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 3. CC:
(none) =>
andrewsfarm, sysadmin-bugs Adding the PoC test for what it is worth. CVE-2019-20446 https://gitlab.gnome.org/GNOME/librsvg/issues/515 sample 1: $ rsvg-convert -o foo.png nested-pattern-crash.svg Hangs forever. sample 2: $ rsvg-convert -o poc.png deep.svg Error reading SVG:XML parse error: Error domain 1 code 5 on line 5000023 column 1 of data: Extra content at the end of the document <returns after several seconds> After update: $ rsvg-convert -o foo.png nested-pattern-crash.svg Could not render file nested-pattern-crash.svg <returned immediately> $ rsvg-convert -o poc.png deep.svg Error reading SVG:XML parse error: Error domain 1 code 5 on line 5000023 column 1 of data: Extra content at the end of the document <returned almost immediately> Good result. CC:
(none) =>
tarazed25
Thomas Backlund
2020-04-05 18:36:18 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0159.html Resolution:
(none) =>
FIXED |