|| ||Marc Deslauriers <firstname.lastname@example.org> |
|| ||email@example.com |
|| ||[USN-1712-1] Inkscape vulnerabilities |
|| ||Wed, 30 Jan 2013 10:54:09 -0500|
|| ||Article, Thread
Ubuntu Security Notice USN-1712-1
January 30, 2013
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Several security issues were fixed in Inkscape.
- inkscape: vector-based drawing program
It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)
It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
The problem can be corrected by updating your system to the following
Ubuntu 12.04 LTS:
Ubuntu 10.04 LTS:
In general, a standard system update will make all the necessary changes.
ubuntu-security-announce mailing list
Modify settings or unsubscribe at:
to post comments)