User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0004 (librsvg)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0004: Updated librsvg and gtk+3.0 packages fix security vulnerability
Date:  Mon, 6 Jan 2014 02:08:26 +0100
Message-ID:  <20140106010827.0767B58FC5@valstar.mageia.org>

MGASA-2014-0004 - Updated librsvg and gtk+3.0 packages fix security vulnerability Publication date: 06 Jan 2014 URL: http://advisories.mageia.org/MGASA-2014-0004.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-1881 Description: librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg. References: - https://bugs.mageia.org/show_bug.cgi?id=11853 - http://lists.opensuse.org/opensuse-updates/2013-11/msg001... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881 SRPMS: - 3/core/librsvg-2.36.4-2.1.mga3 - 3/core/gtk+3.0-3.6.4-1.1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds