USN-2149-1: librsvg vulnerability
17 March 2014
Librsvg could be made to expose sensitive information.
Releases
Packages
- librsvg - renderer library for SVG files
Details
It was discovered that librsvg would load XML external entities by default.
If a user were tricked into viewing a specially crafted SVG file, an
attacker could possibly obtain access to arbitrary files.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
After a standard system update you need to restart your session to make all
the necessary changes.