Test ID: 1.3.6.1.4.1.25623.1.0.854051
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for python-CairoSVG, (openSUSE-SU-2021:1134-1)
Summary: The remote host is missing an update for the 'python-CairoSVG, ' package(s) announced via the openSUSE-SU-2021:1134-1 advisory.

Description:

Vulnerability Insight:
This update for python-CairoSVG, python-Pillow fixes the following issues:

Update to version 2.5.1.

* Security fix: When processing SVG files, CairoSVG was using two regular
expressions which are vulnerable to Regular Expression Denial of Service
(REDoS). If an attacker provided a malicious SVG, it could make CairoSVG
get stuck processing the file for a very long time.

* Fix marker positions for unclosed paths

* Follow hint when only output_width or output_height is set

* Handle opacity on raster images

* Don't crash when use tags reference unknown tags

* Take care of the next letter when A/a is replaced by l

* Fix misalignment in node.vertices

Updates for version 2.5.0.

* Drop support of Python 3.5, add support of Python 3.9.

* Add EPS export

* Add background-color, negate-colors, and invert-images options

* Improve support for font weights

* Fix opacity of patterns and gradients

* Support auto-start-reverse value for orient

* Draw images contained in defs

* Add Exif transposition support

* Handle dominant-baseline

* Support transform-origin

python-Pillow update to version 8.3.1:

* Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

* Handle removing orientation from alternate types of EXIF data #5584
[radarhere]

* Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere]

* Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

* Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

* Allow ICNS save on all operating systems #4526 [baletu, radarhere,
newpanjing, hugovk]

* De-zigzag JPEG's DQT when loading, deprecate convert_dict_qtables #4989
[gofr, radarhere]

* Replaced xml.etree.ElementTree #5565 [radarhere]

* Moved CVE image to pillow-depends #5561 [radarhere]

* Added tag data for IFD groups #5554 [radarhere]

* Improved ImagePalette #5552 [radarhere]

* Add DDS saving #5402 [radarhere]

* Improved getxmp() #5455 [radarhere]

* Convert to float for comparison with float in IFDRational __eq__ #5412
[radarhere]

* Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]

* Read FITS image mode and size #5405 [radarhere]

* Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere,
hrdrq]

* Use transparency behind first GIF frame and when disposing to background
#5557 [radarhere, zewt]

* Avoid unstable nature of qsort in Quant.c #5367 [radarhe ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'python-CairoSVG, ' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-15999
Debian Security Information: DSA-4824
https://www.debian.org/security/2021/dsa-4824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
http://seclists.org/fulldisclosure/2020/Nov/33
https://security.gentoo.org/glsa/202011-12
https://security.gentoo.org/glsa/202012-04
https://security.gentoo.org/glsa/202401-19
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
https://crbug.com/1139963
SuSE Security Announcement: openSUSE-SU-2020:1829
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-35653
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-35654
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
Common Vulnerability Exposure (CVE) ID: CVE-2020-35655
Common Vulnerability Exposure (CVE) ID: CVE-2021-25289
https://security.gentoo.org/glsa/202107-33
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-25290
Common Vulnerability Exposure (CVE) ID: CVE-2021-25291
Common Vulnerability Exposure (CVE) ID: CVE-2021-25292
Common Vulnerability Exposure (CVE) ID: CVE-2021-25293
Common Vulnerability Exposure (CVE) ID: CVE-2021-27921
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
Common Vulnerability Exposure (CVE) ID: CVE-2021-27922
Common Vulnerability Exposure (CVE) ID: CVE-2021-27923
Common Vulnerability Exposure (CVE) ID: CVE-2021-34552
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://security.gentoo.org/glsa/202211-10
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
