Advisories » MGASA-2014-0004

Updated librsvg and gtk+3.0 packages fix security vulnerability

Publication date: 06 Jan 2014
Modification date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1881

Description

librsvg before version 2.39.0 allows remote attackers to read arbitrary files
via an XML document containing an external entity declaration in conjunction
with an entity reference (CVE-2013-1881).

gtk+3.0 has been patched to cope with the changes in SVG loading due to the
fix in librsvg.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11853
• http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881

SRPMS

3/core

• librsvg-2.36.4-2.1.mga3
• gtk+3.0-3.6.4-1.1.mga3