
Scientific Linux alert SLSA-2014:0127-1 (librsvg2)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" <SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV>
Subject:  Re: [SCIENTIFIC-LINUX-ERRATA] Security ERRATA Moderate: librsvg2 on SL6.x i386/x86_64
Date:  Tue, 4 Feb 2014 19:00:22 -0600
Message-ID:  <52F18D26.7090609@fnal.gov>

An updated package that corrects upstream bug 924414 has just been pushed to all SL6 versions.

Pat

On 02/03/2014 02:15 PM, Pat Riehecky wrote:
> Synopsis:          Moderate: librsvg2 security update
> Advisory ID:       SLSA-2014:0127-1
> Issue Date:        2014-02-03
> CVE Numbers:       CVE-2013-1881
> --
>
> An XML External Entity expansion flaw was found in the way librsvg2
> processed SVG files. If a user were to open a malicious SVG file, a remote
> attacker could possibly obtain a copy of the local resources that the user
> had access to. (CVE-2013-1881)
>
> All running applications that use librsvg2 must be restarted for this
> update to take effect.
> --
>
> SL6
>   x86_64
>     librsvg2-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-2.26.0-6.el6_5.2.x86_64.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.x86_64.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.x86_64.rpm
>   i386
>     librsvg2-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>
> - Scientific Linux Development Team

--
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/
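The advisory's requirement that applications using librsvg2 be restarted can be checked on a host after the update. The following is an added example, not part of the advisory or of Scientific Linux tooling; the function name `stale_librsvg_pids` and its proc-root parameter are hypothetical, and it assumes the shared object is installed under a name matching `librsvg-2.so*`.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-update librsvg.
#
# When the package manager replaces a shared object, the old file is
# unlinked but stays mapped in every process that loaded it. The kernel
# marks such mappings with a trailing " (deleted)" in /proc/PID/maps.
# Those processes keep running the vulnerable code until restarted.
#
# Usage: stale_librsvg_pids [proc_root]
#   proc_root defaults to /proc; it is a parameter only so the logic can
#   be exercised against a constructed directory tree.
# Output: one "PID NAME" line per affected process.
# Run as root to see every process; unreadable maps files are skipped.

stale_librsvg_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skips the unexpanded glob, vanished PIDs and unreadable files.
        [ -r "$maps" ] || continue
        # Assumed library file name: librsvg-2.so followed by a version
        # suffix, then the kernel's " (deleted)" marker at end of line.
        if grep -Eq '/librsvg-2\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # Process name from the status file; "?" if it cannot be read.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null || true)
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}
```

An empty result from `stale_librsvg_pids` means no readable process still holds the replaced library; any listed process needs a restart to pick up the fixed package.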



