librsvg2-2.50.7-1.el9.1

エラータID: AXSA:2023-6396:01

Release date: 
Tuesday, September 19, 2023 - 12:43
Subject: 
librsvg2-2.50.7-1.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library.

Security Fix(es):

* librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Solution: 

Update packages.

CVEs: 
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Additional Info: 

N/A

Download: 

SRPMS
  1. librsvg2-2.50.7-1.el9.1.src.rpm
    MD5: 811a6b31b675ce20958eada97d3d89be
    SHA-256: 0bf29d22214384e2b5080fc8fe15cf5a3b79c9bd084860a762251bf673d684b0
    Size: 21.22 MB

Asianux Server 9 for x86_64
  1. librsvg2-2.50.7-1.el9.1.i686.rpm
    MD5: 0b6d92080723ab57a226b5d2d45a5a8f
    SHA-256: 16aec34da38581f2ae77d0d082005bed515031d3fc3508fc90afe0748ec7fe35
    Size: 3.37 MB
  2. librsvg2-2.50.7-1.el9.1.x86_64.rpm
    MD5: 402165bed3471f0cdb5abd9e30e667eb
    SHA-256: e5deb7860e60eaee312225bfea27c9b79268e855aa2e6e8c133c1730f82ae174
    Size: 3.26 MB
  3. librsvg2-devel-2.50.7-1.el9.1.i686.rpm
    MD5: a1a527d1c4abbed05570207a969b3d74
    SHA-256: a35e503d9b9c4f432c5c345d83db019692162c10af42bda97c1dc0d3ac97a0a2
    Size: 52.20 kB
  4. librsvg2-devel-2.50.7-1.el9.1.x86_64.rpm
    MD5: ae598419448cb468c5f9f91d3ed22c4b
    SHA-256: 7a963e0380a9d000947a0ff01e9eebc4bf2008926cdfdbd69bd2df4a1fd653c2
    Size: 52.19 kB
  5. librsvg2-tools-2.50.7-1.el9.1.x86_64.rpm
    MD5: 461f7915911826e820d523054f95b073
    SHA-256: 16e0f1136dae4059a8be67b1bb773bcf5cfd9d5fbd4c4efb66ef5b425beb4378
    Size: 17.58 kB