An updated package that corrects upstream bug 924414 has just been
pushed to all SL6 versions.
Pat
On 02/03/2014 02:15 PM, Pat Riehecky wrote:
> Synopsis: Moderate: librsvg2 security update
> Advisory ID: SLSA-2014:0127-1
> Issue Date: 2014-02-03
> CVE Numbers: CVE-2013-1881
> --
>
> An XML External Entity expansion flaw was found in the way librsvg2
> processed SVG files. If a user were to open a malicious SVG file, a remote
> attacker could possibly obtain a copy of the local resources that the user
> had access to. (CVE-2013-1881)
>
> All running applications that use librsvg2 must be restarted for this
> update to take effect.
> --
>
> SL6
> x86_64
> librsvg2-2.26.0-6.el6_5.2.i686.rpm
> librsvg2-2.26.0-6.el6_5.2.x86_64.rpm
> librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
> librsvg2-debuginfo-2.26.0-6.el6_5.2.x86_64.rpm
> librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
> librsvg2-devel-2.26.0-6.el6_5.2.x86_64.rpm
> i386
> librsvg2-2.26.0-6.el6_5.2.i686.rpm
> librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
> librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>
> - Scientific Linux Development Team