Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0439 A vulnerability has been identified in librsvg 14 February 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: librsvg Publisher: Debian Operating System: Debian GNU/Linux 7 Linux variants Impact/Access: Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-1000041 Original Bulletin: https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running librsvg check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : librsvg Version : 2.36.1-2+deb7u3 CVE ID : CVE-2018-1000041 It was discovered that there was an input validation vulnerability in the librsvg renderer library that could result in data being leaked to remote attackers via a specially-crafted file. For Debian 7 "Wheezy", this issue has been fixed in librsvg version 2.36.1-2+deb7u3. We recommend that you upgrade your librsvg packages. Regards, - - -- ,''`. : :' : Chris Lamb `. `'` lamby@debian.org / chris-lamb.co.uk `- - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqBYs4ACgkQHpU+J9Qx HlgIrg/9HdTExQGhKuVrLNWMxfkxjjiJgVno+4Ku8QzwTADwvPC61mV0TPzZOvZR Ph6G+CdvANmJ9/SpXaZm0TcexsBOTZaP88li4jgkJKruEWdUlMTkkIX4KR9F6g2r BHZ6nSBxN25nsDRVZ9wbEC/yfNbYXnXMoMjgVV09EGEM0rOTr0TtlwRCbNL+ZKJS +VH7QbXW0S4dSqfNDM+Kuo1pAy3LWghjxZLpWQwWxm2P12WG5ZKe8CR1sGdIMwd0 A0cVAks3kqofOw0fwCKZVPY62GBzmrXKUHpDJ4g83/D2v6DHQQdHXZkswoumMtOl vW2+DmN3kMNtKvurwXp5iLlt94/kkgQVXRcQskNi568aM1E8auM+z0y8d14/9Hzw bs1BFvdWTuLBEQ3Yju/nZKb/7ERk3wGp7uHLh9R2wqBb0VXjUhxyKdfRBoolIXqS yUVUgyax6VxDOS6cCD5+xzcwQImi3WGfflHBYi4/wC5NFkHzjMIsu1Sgr66QKmBa q5uw0tmBWPqzrfgGtR0PT2638Q6BbfDw5VrorID7bQ7gSD95xSzqiAUvyHYOPuJy 5Zp1bh7UMWQr+RxVrvaC2d6NT6PRo9M5e8PT2DuD7X+zhYpYWI44bFr6t7oezyUy aX/JbUrc+Nqr5yYGQZBhDXl1UXkwt+/DgIZdxsVosAHzgx7j6as= =KrND - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWoOTQ4x+lLeg9Ub1AQhWXQ/9HTM59QHFs5mdZ9IENfOg2U8aaeBvU7qo RYJ1meXnub8lhuDfiKN8pL4z3SkhwXneyPy2cf/wVJ5Z0B3YaP2u1r4iPZtOoy+A eensOkKliSrAL//fV9mUOZk7FlRlPuyiSq1punilKKYejovjM706cEo07ehbxBpL MaicjZEtRyyHporWBa4nQlgba0y6tXgLLdyPFgxwXbVGoj1nT/wLFtqOSzVRYB1b 3uCqBTitKtAA+XlEuHqBmnawmmvuh4og2VLtmFsJ9sLD5IRJVkGmSU2cXVYowOo2 sO7Bl3nfI36A2Jpljdp1eORJKaGBAzILgNNPoj9GD1wMvY3F8B2dPQSJJyWCnr68 rIdXLGEW0ZbBfHhUA6Ng1uGYqAkY2PHm7pein7NiIrUvbVAop5xXSYzXw5jbqXOs eljIWqxrKwr2XMChg7L4HpuXyle7DDGu+HSKYNeKht9rLl7IrP4SBd2H4eyUDUhZ vDOma8GiInOm5We61tYEn+plqbWN8FEue0i0l+KULUuBrBEC9Nv+DvH4K+FehcxE CHpbN55LNyB0w16BiFc9jMtN0h9uxDzRVqDGpb5qWrJF0EJ9N6vLL2crlugmgqid OMojg2S1Cxuf7WmJe05PevBFmyIfbEgBmLYy77BrQU/G+fAuBab8Cpc2yGXvXFz+ 4a7lO4bhu+4= =xsuQ -----END PGP SIGNATURE-----