Ubuntu Security Notice 1712-1 - It was discovered that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.
ad9711511dcca224388d073b2dfe23803a095bc6b5187c2009d479f41de3f37d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed