Updated librsvg and gtk+3.0 packages fix security vulnerability
Publication date: 06 Jan 2014Modification date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1881
Description
librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.
References
SRPMS
3/core
- librsvg-2.36.4-2.1.mga3
- gtk+3.0-3.6.4-1.1.mga3