Oval Definition:oval:com.redhat.rhsa:def:20140127
Revision Date:2014-02-04Version:639
Title:RHSA-2014:0127: librsvg2 security update (Moderate)
Description:The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart.

  • An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. (CVE-2013-1881)

    All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-1881
    CVE-2013-1881
    RHSA-2014:0127
    RHSA-2014:0127-01
    RHSA-2014:0127-04
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • librsvg2 is earlier than 0:2.26.0-6.el6_5.3
  • AND librsvg2 is signed with Red Hat redhatrelease2 key
  • librsvg2-devel is earlier than 0:2.26.0-6.el6_5.3
  • AND librsvg2-devel is signed with Red Hat redhatrelease2 key
    • BACK