Wednesday, January 30, 2013

[USN-1712-1] Inkscape vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRCUIkAAoJEGVp2FWnRL6TZVoQALbm1Jz+30eHPX9vb2kWFpzw
9YpPQ/PehtvjB/Rf4IhVVb8GWj9lXCOeqe8OfLy9FBlnUdX7G2KiFa2vL9TZ+q74
qXPOrvLFRLTZx0YnYKrlnESarODtj5r1v0/kDLAGX8U0QYfkKDnyZgFkTNkqVyKq
xmM+8juimp05Z174MOHR+qzo0y5tbrSNeeADCIdbb7ayW7IjavSx4/+Hg8jQiyqQ
d0SPo8nfNalgQ86Lb+4yR5SVhw0Obfu7u08xQ7/Dn5vceuiPZOQBbFJX2z2O4xoC
rzRO0LOXUBddSck0w7PHzLT1F+0HDzzMCElDlJvJgUmhwwvjmMTDFuuxxVIIMtwQ
pvKyUm/WjZLgDJ0MhJwNkl4TL/bF8zAK5NEXteDq13E9yW2YX8m/KmggxGpM8z8C
F6DLv4T/GX9Nw35HlP41hnM9/FAFaq9sjbC3YZRaApZMGEHri0YEaXrr1PbOW8y7
pKYKQ8zL7Z6+YDrRnUOd5hE5YBdVOj497LoTox0s8TcJ+Fq9uR3n7slWvg8U7x33
edGvmIyrsqApi26jHZYCuG0K6u7miQABl7hkFboZCFclzpCTRon3/u0+INGmjcoU
/NGV28Xq3GOws8HmdidhCahRnuDn3fxYD+woA28iXaJzWQh14+D5dbgGA5FU6Xhg
xtPJlei6oYwGyd1McASK
=+Oud
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1712-1
January 30, 2013

inkscape vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Inkscape.

Software Description:
- inkscape: vector-based drawing program

Details:

It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)

It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
(CVE-2012-6076)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
inkscape 0.48.3.1-1ubuntu6.1

Ubuntu 12.04 LTS:
inkscape 0.48.3.1-1ubuntu1.1

Ubuntu 11.10:
inkscape 0.48.2-0ubuntu1.1

Ubuntu 10.04 LTS:
inkscape 0.47.0-2ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1712-1
CVE-2012-5656, CVE-2012-6076

Package Information:
https://launchpad.net/ubuntu/+source/inkscape/0.48.3.1-1ubuntu6.1
https://launchpad.net/ubuntu/+source/inkscape/0.48.3.1-1ubuntu1.1
https://launchpad.net/ubuntu/+source/inkscape/0.48.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/inkscape/0.47.0-2ubuntu2.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)