An updated package that corrects upstream bug 924414 has just been 
pushed to all SL6 versions.

Pat

On 02/03/2014 02:15 PM, Pat Riehecky wrote:
> Synopsis:          Moderate: librsvg2 security update
> Advisory ID:       SLSA-2014:0127-1
> Issue Date:        2014-02-03
> CVE Numbers:       CVE-2013-1881
> --
>
> An XML External Entity expansion flaw was found in the way librsvg2
> processed SVG files. If a user were to open a malicious SVG file, a remote
> attacker could possibly obtain a copy of the local resources that the user
> had access to. (CVE-2013-1881)
>
> All running applications that use librsvg2 must be restarted for this
> update to take effect.
> --
>
> SL6
>    x86_64
>      librsvg2-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-2.26.0-6.el6_5.2.x86_64.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.x86_64.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.x86_64.rpm
>    i386
>      librsvg2-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>      librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/