Ubuntu Security Notice 2149-1 - It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.
543f622bfe3bb7fe528fc224f4699359de9f4893eb9828f3de40efa064f6ece8
Ubuntu Security Notice 2149-2 - USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Various other issues were also addressed.
8cde872057a3b59093e5f6af791629f3c92de754c70fd76ca0e552652468a8e0
Red Hat Security Advisory 2014-0127-01 - The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
fcbc112c2011bbfaa630a03173d317b36980caa81e028f8712270b3e2516fabe
Mandriva Linux Security Advisory 2014-009 - librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference. For Business Server 1, gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.
a8a5daad2c6d3d3246c089eaf7364d8a45fe880d93a700d893540b19bc9de1d3