来源:Ubuntu官网
发布日期:2020-07-29
阅读次数:1761
评论:0
更新标题
USN-4436-2: librsvg regression
更新详情
librsvg regression
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
USN-4436-1 introduced a regression in librsvg.
Software Description
librsvg - renderer library for SVG files
Details
USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation.
Original advisory details:
It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS
librsvg2-2 - 2.40.20-2ubuntu0.2
Ubuntu 16.04 LTS
librsvg2-2 - 2.40.13-3ubuntu0.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make all the necessary changes.
References
USN-4436-1
LP: 1889206
]]>
软件描述
Ubuntu是一个以桌面应用为主的Linux操作系统
评论