gdk-pixbuf-loader-rsvg-2.40.16-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10229 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdk-pixbuf-loader-rsvg-2.40.16-1.4 on GA media These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.16-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10229 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10229 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3146/ SUSE CVE CVE-2011-3146 page https://www.suse.com/security/cve/CVE-2013-1881/ SUSE CVE CVE-2013-1881 page openSUSE Tumbleweed gdk-pixbuf-loader-rsvg-2.40.16-1.4 gdk-pixbuf-loader-rsvg-32bit-2.40.16-1.4 librsvg-2-2-2.40.16-1.4 librsvg-2-2-32bit-2.40.16-1.4 librsvg-devel-2.40.16-1.4 rsvg-view-2.40.16-1.4 typelib-1_0-Rsvg-2_0-2.40.16-1.4 gdk-pixbuf-loader-rsvg-2.40.16-1.4 as a component of openSUSE Tumbleweed gdk-pixbuf-loader-rsvg-32bit-2.40.16-1.4 as a component of openSUSE Tumbleweed librsvg-2-2-2.40.16-1.4 as a component of openSUSE Tumbleweed librsvg-2-2-32bit-2.40.16-1.4 as a component of openSUSE Tumbleweed librsvg-devel-2.40.16-1.4 as a component of openSUSE Tumbleweed rsvg-view-2.40.16-1.4 as a component of openSUSE Tumbleweed typelib-1_0-Rsvg-2_0-2.40.16-1.4 as a component of openSUSE Tumbleweed librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. CVE-2011-3146 openSUSE Tumbleweed:gdk-pixbuf-loader-rsvg-2.40.16-1.4 openSUSE Tumbleweed:gdk-pixbuf-loader-rsvg-32bit-2.40.16-1.4 openSUSE Tumbleweed:librsvg-2-2-2.40.16-1.4 openSUSE Tumbleweed:librsvg-2-2-32bit-2.40.16-1.4 openSUSE Tumbleweed:librsvg-devel-2.40.16-1.4 openSUSE Tumbleweed:rsvg-view-2.40.16-1.4 openSUSE Tumbleweed:typelib-1_0-Rsvg-2_0-2.40.16-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3146.html CVE-2011-3146 https://bugzilla.suse.com/714980 SUSE Bug 714980 GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVE-2013-1881 openSUSE Tumbleweed:gdk-pixbuf-loader-rsvg-2.40.16-1.4 openSUSE Tumbleweed:gdk-pixbuf-loader-rsvg-32bit-2.40.16-1.4 openSUSE Tumbleweed:librsvg-2-2-2.40.16-1.4 openSUSE Tumbleweed:librsvg-2-2-32bit-2.40.16-1.4 openSUSE Tumbleweed:librsvg-devel-2.40.16-1.4 openSUSE Tumbleweed:rsvg-view-2.40.16-1.4 openSUSE Tumbleweed:typelib-1_0-Rsvg-2_0-2.40.16-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1881.html CVE-2013-1881 https://bugzilla.suse.com/840753 SUSE Bug 840753