| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jan 2014 14:30:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2014:009 ] librsvg -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:009 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : librsvg Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Updated librsvg and gtk+3.0 packages fix security vulnerability: librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). For Business Server 1 gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881 http://advisories.mageia.org/MGASA-2014-0004.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 37113a420ba5a53100cf39b3f605e77e mes5/i586/librsvg2_2-2.22.3-1.1mdvmes5.2.i586.rpm a4555e9908e85e425275df23d3edc0e0 mes5/i586/librsvg-2.22.3-1.1mdvmes5.2.i586.rpm 037dd79c6e4ca583d8631b2e846ae45e mes5/i586/librsvg2-devel-2.22.3-1.1mdvmes5.2.i586.rpm f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: b0506f0fdf820aa4e832e119dd8521bc mes5/x86_64/lib64rsvg2_2-2.22.3-1.1mdvmes5.2.x86_64.rpm 13fe6bdc8aeb3705036b86e1de5e20ba mes5/x86_64/lib64rsvg2-devel-2.22.3-1.1mdvmes5.2.x86_64.rpm 5f768d5b0f0641fb2bcbc822f0467bbd mes5/x86_64/librsvg-2.22.3-1.1mdvmes5.2.x86_64.rpm f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 44b763852521caf2ee1bd1ced98d671d mbs1/x86_64/gtk+3.0-3.4.1-3.1.mbs1.x86_64.rpm a789904da15e8993987ad3840f6be197 mbs1/x86_64/lib64gail3_0-3.4.1-3.1.mbs1.x86_64.rpm e271bfbcc262565eae856c3b8d576875 mbs1/x86_64/lib64gail3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm cc7dc71ae837280c280f1a2e49a18f07 mbs1/x86_64/lib64gtk+3_0-3.4.1-3.1.mbs1.x86_64.rpm eea69dd8f52d83811571c345a6fbca15 mbs1/x86_64/lib64gtk+3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm 41561e7183e4df127530943708b09e18 mbs1/x86_64/lib64gtk-gir3.0-3.4.1-3.1.mbs1.x86_64.rpm 5689ab1dd054219f87730ae0be62a930 mbs1/x86_64/lib64rsvg2_2-2.36.0-2.1.mbs1.x86_64.rpm 650ae722b83bdd14c90a105e4d79a3d4 mbs1/x86_64/lib64rsvg2-devel-2.36.0-2.1.mbs1.x86_64.rpm 6cdf67c0e74d4120b0b4759e3550d4e8 mbs1/x86_64/lib64rsvg-gir2.0-2.36.0-2.1.mbs1.x86_64.rpm feb51a155113502b3e3eb622eb81147d mbs1/x86_64/librsvg-2.36.0-2.1.mbs1.x86_64.rpm b65bbf46a938e2388891c5a053fea790 mbs1/SRPMS/gtk+3.0-3.4.1-3.1.mbs1.src.rpm e3e0e27f4876607098a40ac9bae9e87a mbs1/SRPMS/librsvg-2.36.0-2.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS2QSDmqjQ0CJFipgRAhMPAJ9J8GfBJriV4JHg2Y6MHIU3xGYkLQCdEkct VEZVu+z3gNCfW1GWRu+ziaA= =QXNm -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists