SCIENTIFIC-LINUX-ERRATA Archives

February 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Moderate: librsvg2 on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 4 Feb 2014 19:00:22 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (43 lines) 
An updated package that corrects upstream bug 924414 has just been 
pushed to all SL6 versions.

Pat

On 02/03/2014 02:15 PM, Pat Riehecky wrote:
> Synopsis:          Moderate: librsvg2 security update
> Advisory ID:       SLSA-2014:0127-1
> Issue Date:        2014-02-03
> CVE Numbers:       CVE-2013-1881
> --
>
> An XML External Entity expansion flaw was found in the way librsvg2
> processed SVG files. If a user were to open a malicious SVG file, a remote
> attacker could possibly obtain a copy of the local resources that the user
> had access to. (CVE-2013-1881)
>
> All running applications that use librsvg2 must be restarted for this
> update to take effect.
> --
>
> SL6
>    x86_64
>      librsvg2-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-2.26.0-6.el6_5.2.x86_64.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.x86_64.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.x86_64.rpm
>    i386
>      librsvg2-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

ATOM RSS1 RSS2