Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30261
HistoryJan 29, 2014 - 12:00 a.m.

[ MDVSA-2014:009 ] librsvg

2014-01-2900:00:00
vulners.com
15
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:009
http://www.mandriva.com/en/support/security/

Package : librsvg
Date : January 17, 2014
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

Updated librsvg and gtk+3.0 packages fix security vulnerability:

librsvg before version 2.39.0 allows remote attackers to read arbitrary
files via an XML document containing an external entity declaration
in conjunction with an entity reference (CVE-2013-1881).

For Business Server 1 gtk+3.0 has been patched to cope with the
changes in SVG loading due to the fix in librsvg.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881
http://advisories.mageia.org/MGASA-2014-0004.html

Updated Packages:

Mandriva Enterprise Server 5:
37113a420ba5a53100cf39b3f605e77e mes5/i586/librsvg2_2-2.22.3-1.1mdvmes5.2.i586.rpm
a4555e9908e85e425275df23d3edc0e0 mes5/i586/librsvg-2.22.3-1.1mdvmes5.2.i586.rpm
037dd79c6e4ca583d8631b2e846ae45e mes5/i586/librsvg2-devel-2.22.3-1.1mdvmes5.2.i586.rpm
f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
b0506f0fdf820aa4e832e119dd8521bc mes5/x86_64/lib64rsvg2_2-2.22.3-1.1mdvmes5.2.x86_64.rpm
13fe6bdc8aeb3705036b86e1de5e20ba mes5/x86_64/lib64rsvg2-devel-2.22.3-1.1mdvmes5.2.x86_64.rpm
5f768d5b0f0641fb2bcbc822f0467bbd mes5/x86_64/librsvg-2.22.3-1.1mdvmes5.2.x86_64.rpm
f7850fb1281aee8ad878b58d7da97d94 mes5/SRPMS/librsvg-2.22.3-1.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
44b763852521caf2ee1bd1ced98d671d mbs1/x86_64/gtk+3.0-3.4.1-3.1.mbs1.x86_64.rpm
a789904da15e8993987ad3840f6be197 mbs1/x86_64/lib64gail3_0-3.4.1-3.1.mbs1.x86_64.rpm
e271bfbcc262565eae856c3b8d576875 mbs1/x86_64/lib64gail3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm
cc7dc71ae837280c280f1a2e49a18f07 mbs1/x86_64/lib64gtk+3_0-3.4.1-3.1.mbs1.x86_64.rpm
eea69dd8f52d83811571c345a6fbca15 mbs1/x86_64/lib64gtk+3.0-devel-3.4.1-3.1.mbs1.x86_64.rpm
41561e7183e4df127530943708b09e18 mbs1/x86_64/lib64gtk-gir3.0-3.4.1-3.1.mbs1.x86_64.rpm
5689ab1dd054219f87730ae0be62a930 mbs1/x86_64/lib64rsvg2_2-2.36.0-2.1.mbs1.x86_64.rpm
650ae722b83bdd14c90a105e4d79a3d4 mbs1/x86_64/lib64rsvg2-devel-2.36.0-2.1.mbs1.x86_64.rpm
6cdf67c0e74d4120b0b4759e3550d4e8 mbs1/x86_64/lib64rsvg-gir2.0-2.36.0-2.1.mbs1.x86_64.rpm
feb51a155113502b3e3eb622eb81147d mbs1/x86_64/librsvg-2.36.0-2.1.mbs1.x86_64.rpm
b65bbf46a938e2388891c5a053fea790 mbs1/SRPMS/gtk+3.0-3.4.1-3.1.mbs1.src.rpm
e3e0e27f4876607098a40ac9bae9e87a mbs1/SRPMS/librsvg-2.36.0-2.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS2QSDmqjQ0CJFipgRAhMPAJ9J8GfBJriV4JHg2Y6MHIU3xGYkLQCdEkct
VEZVu+z3gNCfW1GWRu+ziaA=
=QXNm
-----END PGP SIGNATURE-----

Related

openvas 9
nessus 9
suse 1
cve 1
centos 1
ubuntu 2
prion 1
mageia 1
debiancve 1
ubuntucve 1
redhat 1
securityvulns 1
veracode 1
oraclelinux 1
openvas
openvas
Oracle Linux Local Check: ELSA-2014-0127
2015-10-06 00:00:00
RedHat Update for librsvg2 RHSA-2014:0127-01
2014-02-11 00:00:00
Ubuntu Update for librsvg USN-2149-1
2014-03-20 00:00:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 / 13.10 : librsvg vulnerability (USN-2149-1)
2014-03-18 00:00:00
SUSE SLED11 / SLES11 Security Update : librsvg (SUSE-SU-2015:1785-1)
2015-10-22 00:00:00
Oracle Linux 6 : librsvg2 (ELSA-2014-0127)
2014-02-04 00:00:00
suse
suse
Security update for librsvg (important)
2015-10-20 13:10:05
cve
cve
CVE-2013-1881
2013-10-10 00:55:00
centos
centos
librsvg2 security update
2014-02-04 05:35:04
ubuntu
ubuntu
librsvg vulnerability
2014-03-17 00:00:00
GTK+ update
2014-03-17 00:00:00
prion
prion
Xxe
2013-10-10 00:55:00
mageia
mageia
Updated librsvg and gtk+3.0 packages fix security vulnerability
2014-01-06 05:08:20
debiancve
debiancve
CVE-2013-1881
2013-10-10 00:55:00
ubuntucve
ubuntucve
CVE-2013-1881
2013-10-09 00:00:00
redhat
redhat
(RHSA-2014:0127) Moderate: librsvg2 security update
2014-02-03 00:00:00
securityvulns
securityvulns
libsvg information leakage
2014-01-29 00:00:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:56:03
oraclelinux
oraclelinux
librsvg2 security update (updated 02/05/2014)
2014-02-03 00:00:00
JSON
Related for SECURITYVULNS:DOC:30261
openvas9nessus9suse1cve1centos1ubuntu2prion1mageia1debiancve1ubuntucve1redhat1securityvulns1veracode1oraclelinux1