MGASA-2014-0004

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0004.html

Import Source

https://advisories.mageia.org/MGASA-2014-0004.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0004

Related

CVE-2013-1881

Published

2014-01-06T01:08:20Z

Modified

2014-01-06T01:08:16Z

Summary

Updated librsvg and gtk+3.0 packages fix security vulnerability

Details

librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881).

gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / librsvg

Package

Name: librsvg
Purl: pkg:rpm/mageia/librsvg?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.36.4-2.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / gtk+3.0

Package

Name: gtk+3.0
Purl: pkg:rpm/mageia/gtk+3.0?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

gtk+3.0-3.6.4-1.1.mga3

Ecosystem specific

{
    "section": "core"
}