Advisories ยป MGASA-2014-0004

Updated librsvg and gtk+3.0 packages fix security vulnerability

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1881

Description

librsvg before version 2.39.0 allows remote attackers to read arbitrary files
via an XML document containing an external entity declaration in conjunction
with an entity reference (CVE-2013-1881).

gtk+3.0 has been patched to cope with the changes in SVG loading due to the
fix in librsvg.
                

References

SRPMS

3/core