An updated package that corrects upstream bug 924414 has just been pushed to all SL6 versions.

Pat

On 02/03/2014 02:15 PM, Pat Riehecky wrote:
> Synopsis: Moderate: librsvg2 security update
> Advisory ID: SLSA-2014:0127-1
> Issue Date: 2014-02-03
> CVE Numbers: CVE-2013-1881
> --
>
> An XML External Entity expansion flaw was found in the way librsvg2
> processed SVG files. If a user were to open a malicious SVG file, a remote
> attacker could possibly obtain a copy of the local resources that the user
> had access to. (CVE-2013-1881)
>
> All running applications that use librsvg2 must be restarted for this
> update to take effect.
> --
>
> SL6
>   x86_64
>     librsvg2-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-2.26.0-6.el6_5.2.x86_64.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.x86_64.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.x86_64.rpm
>   i386
>     librsvg2-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-debuginfo-2.26.0-6.el6_5.2.i686.rpm
>     librsvg2-devel-2.26.0-6.el6_5.2.i686.rpm
>
> - Scientific Linux Development Team

--
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/
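
The advisory's restart requirement can be checked after the update is installed. The script below is an added example, not part of the advisory or of Scientific Linux tooling; it assumes the shared object is named `librsvg-2.so*` and that the update replaced the file on disk, so processes still running the old code show the mapping as `(deleted)` in `/proc/<pid>/maps`.

```shell
#!/bin/sh
# Added example: list processes that still map a librsvg2 shared object
# that has been replaced on disk and therefore still need a restart.
# Assumption: the library file is named librsvg-2.so* (hypothetical path
# in the sample line below is constructed for illustration):
#   7f1c2a000000-7f1c2a030000 r-xp 00000000 fd:00 1234  /usr/lib64/librsvg-2.so.2.26.0 (deleted)

# Read maps-format text on stdin; succeed if any mapping refers to a
# librsvg-2 shared object whose on-disk file has been unlinked.
maps_has_stale_librsvg() {
    grep -Eq '/librsvg-2\.so[^ ]* \(deleted\)$'
}

# Walk a procfs-style tree (default /proc) and print "PID NAME" for every
# process that still maps the replaced library.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        # Skip unmatched globs and processes that exited or are not ours.
        [ -r "$maps" ] || continue
        if maps_has_stale_librsvg 2>/dev/null < "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            # comm may be missing on older kernels; fall back to "?".
            name=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root to see every user's processes; no output means nothing
# is still holding the pre-update library.
scan_proc /proc
```
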