Advisories » MGASA-2017-0151

Updated perl-Image-Info packages fix security vulnerability

Publication date: 29 May 2017
Modification date: 29 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9181

Description

A crafted SVG file could have caused information disclosure or denial of
service by using external entitity expansion (XXE). This is a potentially
incompatible change; however usually SVG files do not rely on XXE
(CVE-2016-9181).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19669
• https://lists.opensuse.org/opensuse-updates/2017-03/msg00028.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9181

SRPMS

5/core

• perl-Image-Info-1.360.0-4.1.mga5