Mandriva Linux Security Advisory : librsvg (MDVSA-2014:009)
Medium Nessus Plugin ID 72023
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated librsvg and gtk+3.0 packages fix security vulnerability :
librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881).
For Business Server 1 gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.
SolutionUpdate the affected packages.