Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
It was discoverd that Inkscape incorrectly handled XML external
entities in SVG files. If a user were tricked into opening a specially
crafted SVG file, Inkscape could possibly include external files in
drawings, resulting in information disclosure. (CVE-2012-5656)
It was discovered that Inkscape attempted to open certain files from
the /tmp directory instead of the current directory. A local attacker
could trick a user into opening a different file than the one that was
intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS
and Ubuntu 12.10. (CVE-2012-6076).
Update the affected inkscape package.
Risk factor :
Medium / CVSS Base Score : 4.4