Security update for librsvg SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0243-1 Final 1 1 2026-01-22T13:57:37Z current 2026-01-22T13:57:37Z 2026-01-22T13:57:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for librsvg This update for librsvg fixes the following issues: Update to version 2.57.4 - bsc#1243867: + CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded. + RUSTSEC-2024-0404 - Unsoundness in anstream. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-243,SUSE-SLE-Module-Basesystem-15-SP7-2026-243,SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-243,openSUSE-SLE-15.6-2026-243 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260243-1/ Link for SUSE-SU-2026:0243-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023846.html E-Mail link for SUSE-SU-2026:0243-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243867 SUSE Bug 1243867 https://www.suse.com/security/cve/CVE-2024-12224/ SUSE CVE CVE-2024-12224 page SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 openSUSE Leap 15.6 gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1 gdk-pixbuf-loader-rsvg-32bit-2.57.4-150600.3.3.1 gdk-pixbuf-loader-rsvg-64bit-2.57.4-150600.3.3.1 librsvg-2-2-2.57.4-150600.3.3.1 librsvg-2-2-32bit-2.57.4-150600.3.3.1 librsvg-2-2-64bit-2.57.4-150600.3.3.1 librsvg-devel-2.57.4-150600.3.3.1 rsvg-convert-2.57.4-150600.3.3.1 rsvg-thumbnailer-2.57.4-150600.3.3.1 typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1 gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 librsvg-2-2-2.57.4-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 librsvg-devel-2.57.4-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 gdk-pixbuf-loader-rsvg-32bit-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 librsvg-2-2-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 librsvg-2-2-32bit-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 librsvg-devel-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 rsvg-convert-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 rsvg-thumbnailer-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1 as a component of openSUSE Leap 15.6 Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname. CVE-2024-12224 SUSE Linux Enterprise Module for Basesystem 15 SP7:gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:librsvg-2-2-2.57.4-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:librsvg-devel-2.57.4-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1 openSUSE Leap 15.6:gdk-pixbuf-loader-rsvg-2.57.4-150600.3.3.1 openSUSE Leap 15.6:gdk-pixbuf-loader-rsvg-32bit-2.57.4-150600.3.3.1 openSUSE Leap 15.6:librsvg-2-2-2.57.4-150600.3.3.1 openSUSE Leap 15.6:librsvg-2-2-32bit-2.57.4-150600.3.3.1 openSUSE Leap 15.6:librsvg-devel-2.57.4-150600.3.3.1 openSUSE Leap 15.6:rsvg-convert-2.57.4-150600.3.3.1 openSUSE Leap 15.6:rsvg-thumbnailer-2.57.4-150600.3.3.1 openSUSE Leap 15.6:typelib-1_0-Rsvg-2_0-2.57.4-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260243-1/ https://www.suse.com/security/cve/CVE-2024-12224.html CVE-2024-12224 https://bugzilla.suse.com/1243848 SUSE Bug 1243848