drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libRSVG
| Name: |
Ausführen beliebiger Kommandos in libRSVG |
|
| ID: |
USN-1206-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Mi, 14. September 2011, 08:07 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146 |
|
Originalnachricht |
--===============7876380578359048242==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="a+b56+3nqLzpiR9O"
Content-Disposition: inline
--a+b56+3nqLzpiR9O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-1206-1
September 13, 2011
librsvg vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
SVG image rendering library has had flaws fixed.
Software Description:
- librsvg: Rendering library for SVG files
Details:
Sauli Pahlman discovered that librsvg did not correctly handle malformed
filter names. If a user or automated system were tricked into processing a
specially crafted SVG image, a remote attacker could gain user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
librsvg2-2 2.32.1-0ubuntu3.1
librsvg2-bin 2.32.1-0ubuntu3.1
librsvg2-common 2.32.1-0ubuntu3.1
librsvg2-dev 2.32.1-0ubuntu3.1
Ubuntu 10.10:
librsvg2-2 2.32.0-0ubuntu1.1
librsvg2-bin 2.32.0-0ubuntu1.1
librsvg2-common 2.32.0-0ubuntu1.1
librsvg2-dev 2.32.0-0ubuntu1.1
Ubuntu 10.04 LTS:
librsvg2-2 2.26.3-0ubuntu1.1
librsvg2-bin 2.26.3-0ubuntu1.1
librsvg2-common 2.26.3-0ubuntu1.1
librsvg2-dev 2.26.3-0ubuntu1.1
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1206-1
CVE-2011-3146
Package Information:
https://launchpad.net/ubuntu/+source/librsvg/2.32.1-0ubuntu3.1
https://launchpad.net/ubuntu/+source/librsvg/2.32.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/librsvg/2.26.3-0ubuntu1.1
--a+b56+3nqLzpiR9O
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>
iQIcBAEBCgAGBQJOb81CAAoJEIly9N/cbcAmwVwP/A1Imba/0KvMuHyO8/G/ihuV
shNp65N/YNbsvcMbMyHvcoKVGTiX/si7DLc6OFNarNOW7107I/IgmUaOTJhlFIMO
hZq7lHwW6tfrblfdhT64zK5fVPoG62BCYSmeGUYmRGEro8uum3aAg9gU0z5HTxqK
V3yTbB9edoVZJAgdlFo2EcptebCUEo13uADLO3FBoU88HeFQLeuaY89nfVzOMmvs
ff2k4y1AtVJKWPAPBq5lGcJH5IORKOB1ARctsVqC5j3tOjX13l/SooSbVzxu2Xiq
k9xtN/rzfDtXu9UXZpbNU+bCnJh6EQEM6m1OA8Fa+CDGWCWHoCfsQr0yeJ3dVgPI
bttZmqy4SpgBC4KbofoM4UkI88WaoI+D+RhJF4I6oRaMzXGfa3Q51ds7xDnRO3Cw
TJlSuKA7JF7zdCM3JM9mHn5/S7ahg6IXrSz1Wmvif2R0eTFasIxMXJhVjguZy+Fl
I0uZ3Ft3rPeUlF8eYM6PWbjcurJpnOlHmhaShAoospvrxOZXbO6K4hj4hgnY4neJ
9OkG+jVyzdbz26AoquPJWQbojrZ5RMpzDMkSsIC1yWEvdYnbe7nqA0g20StmUl2w
TqAxViWf4322OU30en2PtjPt4KL0c6gPR1VExIfT4VAgiVeWH7yhI478yXAysTvk
f9Jh+h7t0CapwpXGOXQJ
=4GeF
-----END PGP SIGNATURE-----
--a+b56+3nqLzpiR9O--
--===============7876380578359048242==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7876380578359048242==--
|
|
|
|
