suse-su-2018:1288-1
Vulnerability from csaf_suse
Published
2018-05-15 13:04
Modified
2018-05-15 13:04
Summary
Security update for librsvg
Notes
Title of the patch
Security update for librsvg
Description of the patch
This update for librsvg fixes the following issues:
- CVE-2018-1000041: Input validation issue could lead to credentials leak. (bsc#1083232)
Update to version 2.40.20:
+ Except for emergencies, this will be the LAST RELEASE of the
librsvg-2.40.x series. We are moving to 2.41, which is vastly
improved over the 2.40 series. The API/ABI there remain unchaged,
so we strongly encourage you to upgrade your sources and binaries to
librsvg-2.41.x.
+ bgo#761175 - Allow masks and clips to reuse a node being drawn.
+ Don't access the file system when deciding whether to load a remote
file with a UNC path for a paint server (i.e. don't try to load it at all).
+ Vistual Studio: fixed and integrated introspection builds, so
introspection data is built directly from the Visual Studio project
(Chun-wei Fan).
+ Visual Studio: We now use HIGHENTROPYVA linker option on x64 builds,
to enhance the security of built binaries (Chun-wei Fan).
+ Fix generation of Vala bindings when compiling in read-only source
directories (Emmanuele Bassi).
Update to version 2.40.19:
+ bgo#621088: Using text objects as clipping paths is now supported.
+ bgo#587721: Fix rendering of text elements with transformations (Massimo).
+ bgo#777833 - Fix memory leaks when an RsvgHandle is disposed before
being closed (Philip Withnall).
+ bgo#782098 - Don't pass deprecated options to gtk-doc (Ting-Wei Lan).
+ bgo#786372 - Fix the default for the 'type' attribute of the <style> element.
+ bgo#785276 - Don't crash on single-byte files.
+ bgo#634514: Don't render unknown elements and their sub-elements.
+ bgo#777155 - Ignore patterns that have close-to-zero dimensions.
+ bgo#634324 - Fix Gaussian blurs with negative scaling.
+ Fix the <switch> element; it wasn't working at all.
+ Fix loading when rsvg_handle_write() is called one byte at a time.
+ bgo#787895 - Fix incorrect usage of libxml2. Thanks to Nick Wellnhofer
for advice on this.
+ Backported the test suite machinery from the master branch (Chun-wei Fan,
Federico Mena).
+ We now require Pango 1.38.0 or later (released in 2015).
+ We now require libxml2 2.9.0 or later (released in 2012).
Patchnames
SUSE-SLE-DESKTOP-12-SP3-2018-912,SUSE-SLE-SDK-12-SP3-2018-912,SUSE-SLE-SERVER-12-SP3-2018-912
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for librsvg",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for librsvg fixes the following issues:\n\n- CVE-2018-1000041: Input validation issue could lead to credentials leak. (bsc#1083232)\n\nUpdate to version 2.40.20:\n\n + Except for emergencies, this will be the LAST RELEASE of the\n librsvg-2.40.x series. We are moving to 2.41, which is vastly\n improved over the 2.40 series. The API/ABI there remain unchaged,\n so we strongly encourage you to upgrade your sources and binaries to\n librsvg-2.41.x.\n + bgo#761175 - Allow masks and clips to reuse a node being drawn.\n + Don\u0027t access the file system when deciding whether to load a remote\n file with a UNC path for a paint server (i.e. don\u0027t try to load it at all).\n + Vistual Studio: fixed and integrated introspection builds, so\n introspection data is built directly from the Visual Studio project\n (Chun-wei Fan).\n + Visual Studio: We now use HIGHENTROPYVA linker option on x64 builds,\n to enhance the security of built binaries (Chun-wei Fan).\n + Fix generation of Vala bindings when compiling in read-only source\n directories (Emmanuele Bassi).\n\nUpdate to version 2.40.19:\n\n + bgo#621088: Using text objects as clipping paths is now supported.\n + bgo#587721: Fix rendering of text elements with transformations (Massimo).\n + bgo#777833 - Fix memory leaks when an RsvgHandle is disposed before\n being closed (Philip Withnall).\n + bgo#782098 - Don\u0027t pass deprecated options to gtk-doc (Ting-Wei Lan).\n + bgo#786372 - Fix the default for the \u0027type\u0027 attribute of the \u003cstyle\u003e element.\n + bgo#785276 - Don\u0027t crash on single-byte files.\n + bgo#634514: Don\u0027t render unknown elements and their sub-elements.\n + bgo#777155 - Ignore patterns that have close-to-zero dimensions.\n + bgo#634324 - Fix Gaussian blurs with negative scaling.\n + Fix the \u003cswitch\u003e element; it wasn\u0027t working at all.\n + Fix loading when rsvg_handle_write() is called one byte at a time.\n + bgo#787895 - Fix incorrect usage of libxml2. Thanks to Nick Wellnhofer\n for advice on this.\n + Backported the test suite machinery from the master branch (Chun-wei Fan,\n Federico Mena).\n + We now require Pango 1.38.0 or later (released in 2015).\n + We now require libxml2 2.9.0 or later (released in 2012).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-912,SUSE-SLE-SDK-12-SP3-2018-912,SUSE-SLE-SERVER-12-SP3-2018-912",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1288-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1288-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181288-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1288-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004049.html"
},
{
"category": "self",
"summary": "SUSE Bug 1083232",
"url": "https://bugzilla.suse.com/1083232"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000041 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000041/"
}
],
"title": "Security update for librsvg",
"tracking": {
"current_release_date": "2018-05-15T13:04:44Z",
"generator": {
"date": "2018-05-15T13:04:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1288-1",
"initial_release_date": "2018-05-15T13:04:44Z",
"revision_history": [
{
"date": "2018-05-15T13:04:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "librsvg-devel-2.40.20-5.6.1.aarch64",
"product": {
"name": "librsvg-devel-2.40.20-5.6.1.aarch64",
"product_id": "librsvg-devel-2.40.20-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"product": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"product_id": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"product": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"product_id": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-2.40.20-5.6.1.aarch64",
"product": {
"name": "librsvg-2-2-2.40.20-5.6.1.aarch64",
"product_id": "librsvg-2-2-2.40.20-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "rsvg-view-2.40.20-5.6.1.aarch64",
"product": {
"name": "rsvg-view-2.40.20-5.6.1.aarch64",
"product_id": "rsvg-view-2.40.20-5.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "librsvg-devel-2.40.20-5.6.1.ppc64le",
"product": {
"name": "librsvg-devel-2.40.20-5.6.1.ppc64le",
"product_id": "librsvg-devel-2.40.20-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"product": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"product_id": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"product": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"product_id": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-2.40.20-5.6.1.ppc64le",
"product": {
"name": "librsvg-2-2-2.40.20-5.6.1.ppc64le",
"product_id": "librsvg-2-2-2.40.20-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rsvg-view-2.40.20-5.6.1.ppc64le",
"product": {
"name": "rsvg-view-2.40.20-5.6.1.ppc64le",
"product_id": "rsvg-view-2.40.20-5.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "librsvg-devel-2.40.20-5.6.1.s390x",
"product": {
"name": "librsvg-devel-2.40.20-5.6.1.s390x",
"product_id": "librsvg-devel-2.40.20-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"product": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"product_id": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"product": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"product_id": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-2.40.20-5.6.1.s390x",
"product": {
"name": "librsvg-2-2-2.40.20-5.6.1.s390x",
"product_id": "librsvg-2-2-2.40.20-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"product": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"product_id": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "rsvg-view-2.40.20-5.6.1.s390x",
"product": {
"name": "rsvg-view-2.40.20-5.6.1.s390x",
"product_id": "rsvg-view-2.40.20-5.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"product": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"product_id": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-2.40.20-5.6.1.x86_64",
"product": {
"name": "librsvg-2-2-2.40.20-5.6.1.x86_64",
"product_id": "librsvg-2-2-2.40.20-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"product": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"product_id": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "rsvg-view-2.40.20-5.6.1.x86_64",
"product": {
"name": "rsvg-view-2.40.20-5.6.1.x86_64",
"product_id": "rsvg-view-2.40.20-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "librsvg-devel-2.40.20-5.6.1.x86_64",
"product": {
"name": "librsvg-devel-2.40.20-5.6.1.x86_64",
"product_id": "librsvg-devel-2.40.20-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64",
"product": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64",
"product_id": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-devel-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.aarch64"
},
"product_reference": "librsvg-devel-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-devel-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.ppc64le"
},
"product_reference": "librsvg-devel-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-devel-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.s390x"
},
"product_reference": "librsvg-devel-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-devel-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-devel-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64"
},
"product_reference": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le"
},
"product_reference": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x"
},
"product_reference": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64"
},
"product_reference": "typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x"
},
"product_reference": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.s390x"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64"
},
"product_reference": "gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x"
},
"product_reference": "librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64"
},
"product_reference": "librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.s390x"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsvg-view-2.40.20-5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64"
},
"product_reference": "rsvg-view-2.40.20-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000041"
}
],
"notes": [
{
"category": "general",
"text": "GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim\u0027s Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000041",
"url": "https://www.suse.com/security/cve/CVE-2018-1000041"
},
{
"category": "external",
"summary": "SUSE Bug 1083232 for CVE-2018-1000041",
"url": "https://bugzilla.suse.com/1083232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-15T13:04:44Z",
"details": "important"
}
],
"title": "CVE-2018-1000041"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…