Message-Id: <E1W49Um-0004wg-Kx@titan.mandriva.com>
Date: Fri, 17 Jan 2014 14:30:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:009 ] librsvg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:009
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : librsvg
Date : January 17, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Updated librsvg and gtk+3.0 packages fix a security vulnerability:

librsvg before version 2.39.0 allows remote attackers to read arbitrary
files via an XML document containing an external entity declaration
in conjunction with an entity reference (CVE-2013-1881).

For Business Server 1, gtk+3.0 has been patched to cope with the
changes in SVG loading due to the fix in librsvg.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881
http://advisories.mageia.org/MGASA-2014-0004.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
37113a420ba5a53100cf39b3f605e77e mes5/i586/librsvg2_2-2.22.3-1.1mdvmes5.2.i586.rpm
a4555e9908e85e425275df23d3edc0e0 mes5/i586/librsvg-2.22.3-1.1mdvmes5.2.i586.rpm
037dd79c6e4ca583d8631b2e846ae45e mes5/i586/librsvg2-devel-2.22.3-1.1mdvmes5.2.i586.rpm
f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b0506f0fdf820aa4e832e119dd8521bc mes5/x86_64/lib64rsvg2_2-2.22.3-1.1mdvmes5.2.x86_64.rpm
13fe6bdc8aeb3705036b86e1de5e20ba mes5/x86_64/lib64rsvg2-devel-2.22.3-1.1mdvmes5.2.x86_64.rpm
5f768d5b0f0641fb2bcbc822f0467bbd mes5/x86_64/librsvg-2.22.3-1.1mdvmes5.2.x86_64.rpm
f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
44b763852521caf2ee1bd1ced98d671d mbs1/x86_64/gtk+3.0-3.4.1-3.1.mbs1.x86_64.rpm
a789904da15e8993987ad3840f6be197 mbs1/x86_64/lib64gail3_0-3.4.1-3.1.mbs1.x86_64.rpm
e271bfbcc262565eae856c3b8d576875 mbs1/x86_64/lib64gail3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm
cc7dc71ae837280c280f1a2e49a18f07 mbs1/x86_64/lib64gtk+3_0-3.4.1-3.1.mbs1.x86_64.rpm
eea69dd8f52d83811571c345a6fbca15 mbs1/x86_64/lib64gtk+3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm
41561e7183e4df127530943708b09e18 mbs1/x86_64/lib64gtk-gir3.0-3.4.1-3.1.mbs1.x86_64.rpm
5689ab1dd054219f87730ae0be62a930 mbs1/x86_64/lib64rsvg2_2-2.36.0-2.1.mbs1.x86_64.rpm
650ae722b83bdd14c90a105e4d79a3d4 mbs1/x86_64/lib64rsvg2-devel-2.36.0-2.1.mbs1.x86_64.rpm
6cdf67c0e74d4120b0b4759e3550d4e8 mbs1/x86_64/lib64rsvg-gir2.0-2.36.0-2.1.mbs1.x86_64.rpm
feb51a155113502b3e3eb622eb81147d mbs1/x86_64/librsvg-2.36.0-2.1.mbs1.x86_64.rpm
b65bbf46a938e2388891c5a053fea790 mbs1/SRPMS/gtk+3.0-3.4.1-3.1.mbs1.src.rpm
e3e0e27f4876607098a40ac9bae9e87a mbs1/SRPMS/librsvg-2.36.0-2.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS2QSDmqjQ0CJFipgRAhMPAJ9J8GfBJriV4JHg2Y6MHIU3xGYkLQCdEkct
VEZVu+z3gNCfW1GWRu+ziaA=
=QXNm
-----END PGP SIGNATURE-----
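A pre-render screen for the condition the advisory describes, as an added example (not Mandriva's or librsvg's code, and not the librsvg fix itself): it uses Python's expat bindings to report external entity declarations and references in an SVG without resolving them. The function names, the reject policy and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

def screen_svg(data: bytes) -> dict:
    """Report external entities in an SVG without resolving any of them."""
    findings = {"declared": {}, "referenced": [], "error": None}
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry their replacement text in `value`;
        # external ones have value None and a SYSTEM (maybe PUBLIC) identifier.
        if value is None:
            findings["declared"][name] = system_id

    def on_external_ref(context, base, system_id, public_id):
        # Called when the document body references an external entity.
        # Returning 1 lets expat continue; no sub-parser is created,
        # so the target is never opened.
        findings["referenced"].append(system_id)
        return 1

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings["error"] = str(exc)
    return findings

def safe_to_render(data: bytes) -> bool:
    """Assumed policy: refuse any external entity declaration or parse failure."""
    f = screen_svg(data)
    return not f["declared"] and f["error"] is None

# Constructed samples; the SYSTEM identifier is a placeholder, not a real path.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
EXTERNAL_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt"> ]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>"""

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("external", EXTERNAL_SVG)):
        print(label, safe_to_render(doc), screen_svg(doc))
```

Installing the updated packages remains the fix; a screen like this only adds a check in front of the renderer for untrusted SVG input.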