Bug 23206 - librsvg new security issue CVE-2018-1000041
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK
Keywords: advisory, has_procedure, validated_update
Depends on: 23144
Blocks:
Reported: 2018-06-20 13:10 CEST by David Walser
Modified: 2018-06-25 00:03 CEST

See Also:
Source RPM: librsvg-2.40.18-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2018-06-20 13:10:44 CEST
+++ This bug was initially created as a clone of Bug #23144 +++

openSUSE has issued an advisory on May 17:
https://lists.opensuse.org/opensuse-updates/2018-05/msg00045.html

Patched package also uploaded for Mageia 5.

Advisory:
========================

Updated librsvg package fixes security vulnerability:

It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file (CVE-2018-1000041).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000041
https://lists.opensuse.org/opensuse-updates/2018-05/msg00045.html
========================

Updated packages in core/updates_testing:
========================
lib64rsvg2_2-2.40.18-1.1.mga5
lib64rsvg2-devel-2.40.18-1.1.mga5
lib64rsvg-gir2.0-2.40.18-1.1.mga5
librsvg-2.40.18-1.1.mga5

from librsvg-2.40.18-1.1.mga5.src.rpm

Testing procedure https://bugs.mageia.org/show_bug.cgi?id=21368#c4
Comment 1 Herman Viaene 2018-06-22 15:10:45 CEST
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
at CLI:
$ rsvg-view-3 wapen.svg
Opens ridiculously small window, when stretched out, image is OK.
Right click on the image and save as png. Resulting png displays OK in ristretto.
$ rsvg-convert -f pdf -h 720 -w 512 -b '#ebafdc' wapen.svg -o wapen.pdf
Resulting pdf looks OK in atril.

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Comment 2 claire robinson 2018-06-24 21:42:34 CEST
Validating. Advisoried.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-06-25 00:03:40 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0297.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
