Debian Security Advisory 5484-1

Debian Security Advisory 5484-1: Posted Aug 28, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5484-1 - Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2023-38633; SHA-256 | 68217fd1bf54af9f988610bfdb0f9312a6e81a903dfa057c272c6ded66b9df1d; Download | Favorite | View

Debian Security Advisory 5484-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5484-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 27, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : librsvg
CVE ID         : CVE-2023-38633
Debian Bug     : 1041810

Zac Sims discovered a directory traversal in the URL decoder of librsvg,
a SAX-based renderer library for SVG files, which could result in read
of arbitrary files when processing a specially crafted SVG file with an
include element.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.50.3+dfsg-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 2.54.7+dfsg-1~deb12u1.

We recommend that you upgrade your librsvg packages.

For the detailed security status of librsvg please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/librsvg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTrXKhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TYkg//Q+FWCbAqpcLPI+InN0nga0wROM6JVxX3CVPTg6/4U0XKjPRmx4wlX6Rv
RPk1n4M8I7pjdtXT1PfdVsXpwT1+mFewUkOb4aLkuX5+0NOJbxAS6L6Oo1jNs4r0
PJYPcda7edePoIScJ2vH14/yhJs+7ROV3hI0to5CpxT5KejGLTbkhWSs79YMvHxZ
BPLcSE/NDOCkDzlJ1aVBndmvgqQGujN7hvjynIi8IGEXrPAofqHO1pfVGtBWtK5o
ajXwxdAU2t0+wy4Lc0U2NPDF6r9QIeZidamJ0yfgPbuiU4WCx1lbkCAMG4Bf6m5S
4JqbQmgc+rZCBHy3zaKlipFOEyPe2tfrcvH8zljRXSiKL5P0zMwVeYIRsQj3lUvP
ge+xV8Gqod99uv4fgN19OWvcP5HOiXxQnkRtReYiQgKut8W0HAXydCsrctAB2Xvp
rYIbsnR1lU8dBAaLqnC/nwrsLVLUv7y1oKDDNjXmNT/aF/ISVF70WVywQK/LbhXI
yECoGe+TeoxGjCjT+N/PibL3pMIZ/c8ZLMyH+2+Ad/oD614hPVbe7CUmRCX7Vz2a
x8v47b4JY2skki9XdASkKsyvBq9Xus6ZY04D0tTj87wF0Vr4iBAbnFWSJnw2tFVL
wn7/ncNkpU/MONR8CAPvhgBc8n/nfF9Fbg6ubEeAHdzlp8EOom8=
=uwUe
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

Debian Security Advisory 5484-1

Debian Security Advisory 5484-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5484-1

Share This

Debian Security Advisory 5484-1

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems