Headline
RHSA-2023:5081: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-38633: A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system, affecting the data confidentiality.
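A pre-render check for untrusted SVG input that flags xi:include targets of the kind described for CVE-2023-38633, given here as an added example and not code from Red Hat or the librsvg project. The function names, the rules applied and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"


def href_findings(href):
    """Return the reasons an xi:include href should not reach the renderer."""
    reasons = []
    parts = urlsplit(href)
    if parts.scheme or parts.netloc:
        reasons.append("absolute URL")
    if parts.query or parts.fragment:
        reasons.append("query or fragment in include target")
    # Percent-decode until stable so %2e%2e and %252e%252e are seen as "..".
    decoded = href
    for _ in range(4):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    segments = decoded.replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("dot-dot path segment")
    if decoded.startswith("/"):
        reasons.append("absolute path")
    return reasons


def scan_svg(data):
    """Return [(href, reasons)] for every suspicious xi:include in an SVG."""
    if b"<!DOCTYPE" in data:
        # Refuse DTDs outright: entity tricks are out of scope for this check.
        return [("<doctype>", ["document declares a DTD"])]
    root = ET.fromstring(data)
    hits = []
    for elem in root.iter(XI_INCLUDE):
        href = elem.get("href", "")
        reasons = href_findings(href)
        if reasons:
            hits.append((href, reasons))
    return hits


# Constructed samples. The first href is the one quoted in the CVE text.
SAMPLE_BAD = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xi="http://www.w3.org/2001/XInclude">
  <text><xi:include href=".?../../../../../../../../../../etc/passwd"
                    parse="text"/></text>
</svg>"""

SAMPLE_OK = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="shapes/logo.svg"/>
</svg>"""

if __name__ == "__main__":
    for name, doc in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, scan_svg(doc))
```

A check like this belongs at the upload or ingestion boundary and works alongside the package update, since only the update changes the renderer itself.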
Synopsis
Moderate: librsvg2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for librsvg2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library.
Security Fix(es):
- librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
Fixes
- BZ - 2224945 - CVE-2023-38633 librsvg: Arbitrary file read when xinclude href has special characters
Red Hat Enterprise Linux for x86_64 9
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
x86_64
librsvg2-2.50.7-1.el9_2.1.i686.rpm
librsvg2-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.i686.rpm
librsvg2-devel-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
x86_64
librsvg2-2.50.7-1.el9_2.1.i686.rpm
librsvg2-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.i686.rpm
librsvg2-devel-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
x86_64
librsvg2-2.50.7-1.el9_2.1.i686.rpm
librsvg2-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.i686.rpm
librsvg2-devel-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
s390x
librsvg2-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-devel-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
s390x
librsvg2-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-devel-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
ppc64le
librsvg2-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-devel-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
ppc64le
librsvg2-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-devel-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
aarch64
librsvg2-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
aarch64
librsvg2-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
ppc64le
librsvg2-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-devel-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-2.50.7-1.el9_2.1.ppc64le.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
x86_64
librsvg2-2.50.7-1.el9_2.1.i686.rpm
librsvg2-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.i686.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.i686.rpm
librsvg2-devel-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.x86_64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.i686.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.x86_64.rpm
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
aarch64
librsvg2-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-devel-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-2.50.7-1.el9_2.1.aarch64.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.aarch64.rpm
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2
SRPM
librsvg2-2.50.7-1.el9_2.1.src.rpm
s390x
librsvg2-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-debugsource-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-devel-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-2.50.7-1.el9_2.1.s390x.rpm
librsvg2-tools-debuginfo-2.50.7-1.el9_2.1.s390x.rpm
Related news
Gentoo Linux Security Advisory 202408-14 - A vulnerability has been discovered in Librsvg, which can lead to arbitrary file reads. Versions greater than or equal to 2.56.3 are affected.
Red Hat Security Advisory 2023-5081-01 - The librsvg2 packages provide a Scalable Vector Graphics library based on the libart library.
Red Hat Security Advisory 2023-4809-01 - The librsvg2 packages provide a Scalable Vector Graphics library based on the libart library.
An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38633: A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL request containing "dot do...
Debian Linux Security Advisory 5484-1 - Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.
Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.