Skip to navigation

Security Advisory Moderate: librsvg2 security update

Advisory: RHSA-2011:1289-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-13
Last updated on: 2011-09-13
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3146

Details

Updated librsvg2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The librsvg2 packages provide an SVG (Scalable Vector Graphics) library
based on libart.

A flaw was found in the way librsvg2 parsed certain SVG files. An attacker
could create a specially-crafted SVG file that, when opened, would cause
applications that use librsvg2 (such as Eye of GNOME) to crash or,
potentially, execute arbitrary code. (CVE-2011-3146)

Red Hat would like to thank the Ubuntu Security Team for reporting this
issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original
reporter.

All librsvg2 users should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running applications that use
librsvg2 must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
librsvg2-2.26.0-5.el6_1.1.src.rpm
File outdated by:  RHSA-2014:0127
    MD5: c5b54f0768c5c1fc5ddfd67193221e2c
SHA-256: c8d75310406e431394c13edc62952e9c25b497d7283feef84650f54bca951ff4
 
IA-32:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
 
x86_64:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5c825ffa731a886ff1a87b6821f5805f
SHA-256: d7578c8b408772f960a8bc1fc9143083b76d28368ceb5eb682f004315f58686c
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5d649d7deb8c2c73279e63428c572af0
SHA-256: 4fceae36b38c16ae7f3d3b36ec778f7779ea1a73ce99509c25d506b1ce4baa5e
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 0128959752a953002eb95f9e363bae7d
SHA-256: ed7b2c5a80af074484499dd578ac9ffb3509adc8868d8976c7e334e498d21ab9
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
librsvg2-2.26.0-5.el6_1.1.src.rpm
File outdated by:  RHSA-2014:0127
    MD5: c5b54f0768c5c1fc5ddfd67193221e2c
SHA-256: c8d75310406e431394c13edc62952e9c25b497d7283feef84650f54bca951ff4
 
x86_64:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5c825ffa731a886ff1a87b6821f5805f
SHA-256: d7578c8b408772f960a8bc1fc9143083b76d28368ceb5eb682f004315f58686c
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5d649d7deb8c2c73279e63428c572af0
SHA-256: 4fceae36b38c16ae7f3d3b36ec778f7779ea1a73ce99509c25d506b1ce4baa5e
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 0128959752a953002eb95f9e363bae7d
SHA-256: ed7b2c5a80af074484499dd578ac9ffb3509adc8868d8976c7e334e498d21ab9
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
librsvg2-2.26.0-5.el6_1.1.src.rpm
File outdated by:  RHSA-2014:0127
    MD5: c5b54f0768c5c1fc5ddfd67193221e2c
SHA-256: c8d75310406e431394c13edc62952e9c25b497d7283feef84650f54bca951ff4
 
IA-32:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
 
PPC:
librsvg2-2.26.0-5.el6_1.1.ppc.rpm
File outdated by:  RHSA-2014:0127
    MD5: 9019c19e280c0c8858a3f1b35d111d80
SHA-256: 25a4dbfa52adfafaeda39ec170f745ae5098367568537a9fb658f145290d2854
librsvg2-2.26.0-5.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 127e1d23d62174c21294e32d3db4a132
SHA-256: 56967108a32119b1bf5b9a2e822f2440c8f71da8dffd857926b99f9ee64fc8ce
librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc.rpm
File outdated by:  RHSA-2014:0127
    MD5: dd8c1b260e310aa20d70a1f70901ea60
SHA-256: 59f4df713791a267ae57b6425f3185fb30049b5d9fa805c3f073004a30b758df
librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 34179a4ef7446870f1b09ab4502d7493
SHA-256: 5e5d86bc95c87f2211acbfa341c827af9deef284ff3197e95380fc1c310148a9
librsvg2-devel-2.26.0-5.el6_1.1.ppc.rpm
File outdated by:  RHSA-2014:0127
    MD5: da2c1f498e5d152dc6b2f093f5802ae7
SHA-256: 1ef43fb94fdb92f84e617065c1dc89110499de8976ee8d7c01391edadf1a5407
librsvg2-devel-2.26.0-5.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 64b49d73d62659ffeebe62e8844d70fb
SHA-256: 97441879a52266b1de33dbe9e3d683d8a42d4b5458124c55a807d7c52995ab0c
 
s390x:
librsvg2-2.26.0-5.el6_1.1.s390.rpm
File outdated by:  RHSA-2014:0127
    MD5: ad938ffaa5d378859a3eeb4a07e614cb
SHA-256: f0bc42d2c5cee1ae018382d512f45a081bbd161e6561cdcb5d46ad7f0654121d
librsvg2-2.26.0-5.el6_1.1.s390x.rpm
File outdated by:  RHSA-2014:0127
    MD5: ed3ba18dcac5b9caae0ac36db0d28894
SHA-256: 45afbf26bc52d11346d062d0b9eff7a3d158bac871526b57945637ac26b962d6
librsvg2-debuginfo-2.26.0-5.el6_1.1.s390.rpm
File outdated by:  RHSA-2014:0127
    MD5: afa95e7ec5b5360a8ab44d5da5628bf3
SHA-256: 6b52835be2fceb6aacd17f9c2b29728d04bfab23190c5c264590f556131ae2bf
librsvg2-debuginfo-2.26.0-5.el6_1.1.s390x.rpm
File outdated by:  RHSA-2014:0127
    MD5: 01f3fda16f40f2106657f8affedf601a
SHA-256: f6dd475b289d9a65fbf73c72289c19a904414deb9204269d286ab5f383d55dd7
librsvg2-devel-2.26.0-5.el6_1.1.s390.rpm
File outdated by:  RHSA-2014:0127
    MD5: 1384f78fb9ce654c237731fe6cd81467
SHA-256: 900c4c4e27c85c7c08ff933f372bd514c9b3372abebda772f346f733f9c27da4
librsvg2-devel-2.26.0-5.el6_1.1.s390x.rpm
File outdated by:  RHSA-2014:0127
    MD5: 6b4b2a796fd6d99c7c76ce3c7aafc444
SHA-256: 6fe98d2d392fe2313e3032e286f0ff3e7e54abfbb98d7955fcd3948812b1a0b7
 
x86_64:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5c825ffa731a886ff1a87b6821f5805f
SHA-256: d7578c8b408772f960a8bc1fc9143083b76d28368ceb5eb682f004315f58686c
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5d649d7deb8c2c73279e63428c572af0
SHA-256: 4fceae36b38c16ae7f3d3b36ec778f7779ea1a73ce99509c25d506b1ce4baa5e
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 0128959752a953002eb95f9e363bae7d
SHA-256: ed7b2c5a80af074484499dd578ac9ffb3509adc8868d8976c7e334e498d21ab9
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
librsvg2-2.26.0-5.el6_1.1.src.rpm
File outdated by:  RHSA-2014:0127
    MD5: c5b54f0768c5c1fc5ddfd67193221e2c
SHA-256: c8d75310406e431394c13edc62952e9c25b497d7283feef84650f54bca951ff4
 
IA-32:
librsvg2-2.26.0-5.el6_1.1.i686.rpm     MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm     MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm     MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
 
PPC:
librsvg2-2.26.0-5.el6_1.1.ppc.rpm     MD5: 9019c19e280c0c8858a3f1b35d111d80
SHA-256: 25a4dbfa52adfafaeda39ec170f745ae5098367568537a9fb658f145290d2854
librsvg2-2.26.0-5.el6_1.1.ppc64.rpm     MD5: 127e1d23d62174c21294e32d3db4a132
SHA-256: 56967108a32119b1bf5b9a2e822f2440c8f71da8dffd857926b99f9ee64fc8ce
librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc.rpm     MD5: dd8c1b260e310aa20d70a1f70901ea60
SHA-256: 59f4df713791a267ae57b6425f3185fb30049b5d9fa805c3f073004a30b758df
librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc64.rpm     MD5: 34179a4ef7446870f1b09ab4502d7493
SHA-256: 5e5d86bc95c87f2211acbfa341c827af9deef284ff3197e95380fc1c310148a9
librsvg2-devel-2.26.0-5.el6_1.1.ppc.rpm     MD5: da2c1f498e5d152dc6b2f093f5802ae7
SHA-256: 1ef43fb94fdb92f84e617065c1dc89110499de8976ee8d7c01391edadf1a5407
librsvg2-devel-2.26.0-5.el6_1.1.ppc64.rpm     MD5: 64b49d73d62659ffeebe62e8844d70fb
SHA-256: 97441879a52266b1de33dbe9e3d683d8a42d4b5458124c55a807d7c52995ab0c
 
s390x:
librsvg2-2.26.0-5.el6_1.1.s390.rpm     MD5: ad938ffaa5d378859a3eeb4a07e614cb
SHA-256: f0bc42d2c5cee1ae018382d512f45a081bbd161e6561cdcb5d46ad7f0654121d
librsvg2-2.26.0-5.el6_1.1.s390x.rpm     MD5: ed3ba18dcac5b9caae0ac36db0d28894
SHA-256: 45afbf26bc52d11346d062d0b9eff7a3d158bac871526b57945637ac26b962d6
librsvg2-debuginfo-2.26.0-5.el6_1.1.s390.rpm     MD5: afa95e7ec5b5360a8ab44d5da5628bf3
SHA-256: 6b52835be2fceb6aacd17f9c2b29728d04bfab23190c5c264590f556131ae2bf
librsvg2-debuginfo-2.26.0-5.el6_1.1.s390x.rpm     MD5: 01f3fda16f40f2106657f8affedf601a
SHA-256: f6dd475b289d9a65fbf73c72289c19a904414deb9204269d286ab5f383d55dd7
librsvg2-devel-2.26.0-5.el6_1.1.s390.rpm     MD5: 1384f78fb9ce654c237731fe6cd81467
SHA-256: 900c4c4e27c85c7c08ff933f372bd514c9b3372abebda772f346f733f9c27da4
librsvg2-devel-2.26.0-5.el6_1.1.s390x.rpm     MD5: 6b4b2a796fd6d99c7c76ce3c7aafc444
SHA-256: 6fe98d2d392fe2313e3032e286f0ff3e7e54abfbb98d7955fcd3948812b1a0b7
 
x86_64:
librsvg2-2.26.0-5.el6_1.1.i686.rpm     MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-2.26.0-5.el6_1.1.x86_64.rpm     MD5: 5c825ffa731a886ff1a87b6821f5805f
SHA-256: d7578c8b408772f960a8bc1fc9143083b76d28368ceb5eb682f004315f58686c
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm     MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm     MD5: 5d649d7deb8c2c73279e63428c572af0
SHA-256: 4fceae36b38c16ae7f3d3b36ec778f7779ea1a73ce99509c25d506b1ce4baa5e
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm     MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm     MD5: 0128959752a953002eb95f9e363bae7d
SHA-256: ed7b2c5a80af074484499dd578ac9ffb3509adc8868d8976c7e334e498d21ab9
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
librsvg2-2.26.0-5.el6_1.1.src.rpm
File outdated by:  RHSA-2014:0127
    MD5: c5b54f0768c5c1fc5ddfd67193221e2c
SHA-256: c8d75310406e431394c13edc62952e9c25b497d7283feef84650f54bca951ff4
 
IA-32:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
 
x86_64:
librsvg2-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: ac477585ae5431f2d4eac4f3ee9a2d8e
SHA-256: 8c4c26942caf8c580adc79d7fff41e707f0fcfb00dda53d9672b4838b4c37d5b
librsvg2-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5c825ffa731a886ff1a87b6821f5805f
SHA-256: d7578c8b408772f960a8bc1fc9143083b76d28368ceb5eb682f004315f58686c
librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: c12dd7ee9667e70650b354b3f718316c
SHA-256: 8cbf8392f40c54d42d62a92768849c946e84d39abb88d2d181e7f96d15d21c81
librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 5d649d7deb8c2c73279e63428c572af0
SHA-256: 4fceae36b38c16ae7f3d3b36ec778f7779ea1a73ce99509c25d506b1ce4baa5e
librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm
File outdated by:  RHSA-2014:0127
    MD5: 18afee26b02b236c38553c6cded1b5ab
SHA-256: 68bcbf5ceb0fcfcaf53007b6b3366c566813fb314c5a003d6b445c644d98aa4b
librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2014:0127
    MD5: 0128959752a953002eb95f9e363bae7d
SHA-256: ed7b2c5a80af074484499dd578ac9ffb3509adc8868d8976c7e334e498d21ab9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

734936 - CVE-2011-3146 librsvg: NULL pointer dereference flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/