Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that Inkscape incorrectly handled XML external
entities in SVG files. If a user were tricked into opening a specially
crafted SVG file, Inkscape could possibly include external files in
drawings, resulting in information disclosure. (CVE-2012-5656)

It was discovered that Inkscape attempted to open certain files from
the /tmp directory instead of the current directory. A local attacker
could trick a user into opening a different file than the one that was
intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS
and Ubuntu 12.10. (CVE-2012-6076)
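
Added example (not part of the Ubuntu notice or the Nessus plugin): a pre-open check for the first issue above, CVE-2012-5656, that lists the external entity declarations in an SVG file without resolving them. It relies on Python's expat binding, which never fetches external entities unless a handler is installed; the function name and the sample documents in the comments are constructed for illustration.

```python
import sys
import xml.parsers.expat


def find_external_entities(svg_bytes):
    """Return (findings, parse_error) for one SVG document.

    findings lists every entity declared with a SYSTEM or PUBLIC identifier,
    i.e. content the XML parser would be asked to pull in from outside the file.
    Nothing is fetched: no ExternalEntityRefHandler is set on the parser.
    """
    findings = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value and no system identifier.
        if system_id is not None:
            findings.append({
                "name": name,
                "parameter_entity": bool(is_param),
                "system_id": system_id,
                "public_id": public_id,
            })

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parse_error = None
    try:
        parser.Parse(svg_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # Keep what was seen before the error; a malformed file deserves review too.
        parse_error = str(exc)
    return findings, parse_error


if __name__ == "__main__":
    # Usage: python check_svg.py drawing1.svg drawing2.svg ...
    exit_code = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            found, error = find_external_entities(handle.read())
        for item in found:
            exit_code = 1
            print(f"{path}: external entity {item['name']!r} -> {item['system_id']}")
        if error:
            exit_code = 1
            print(f"{path}: XML parse error: {error}")
    sys.exit(exit_code)
```

The standard SVG DOCTYPE with its W3C public identifier is not reported, because it names an external DTD subset rather than declaring an entity.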

Solution :

Update the affected inkscape package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 64375

Bugtraq ID:

CVE ID: CVE-2012-5656, CVE-2012-6076