Fedora has issued an advisory on December 19:
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html

The issue was fixed upstream in 0.48.4 (which we have in Cauldron).

The upstream change to fix this is linked in the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=888249
CC: (none) => fundawang
Created attachment 3338
PoC

From https://bugs.launchpad.net/inkscape/+bug/1025185

inkscape -e xxe-inkscape.png xxe.svg
Whiteboard: (none) => has_procedure
If we wanted to patch it, it's not as simple as rediffing the upstream change, as the code has changed quite a bit. We probably need to just upgrade it to 0.48.4.
Updated package uploaded for Mageia 2.

Advisory:
========================

Updated inkscape package fixes security vulnerability:

An XML eXternal Entity (XXE) flaw was found in the way Inkscape before 0.48.4 performed rasterization of certain SVG images. A remote attacker could provide a specially-crafted SVG image that, when opened in inkscape would lead to arbitrary local file disclosure or denial of service (CVE-2012-5656).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html
========================

Updated packages in core/updates_testing:
========================
inkscape-0.48.4-1.mga2

from inkscape-0.48.4-1.mga2.src.rpm
Assignee: fundawang => qa-bugs
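A pre-rasterization check for the kind of SVG the advisory above describes, added here as an illustration (it is not code from the bug report, Inkscape, or Mageia). It uses Python's expat binding to list external entity declarations without resolving them; the sample SVGs are constructed, and `safe_to_rasterize` is a hypothetical policy name.

```python
import xml.parsers.expat

# Constructed sample inputs (not the PoC attached to the bug).
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect width="100" height="100" fill="green"/>
</svg>"""

XXE_SVG = b"""<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///path/to/local/file">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect width="100" height="100" fill="green"/>
  <text x="5" y="50">&xxe;</text>
</svg>"""


def find_external_entities(svg_bytes):
    """Return (name, system_id, public_id) for each external entity declared.

    Raises xml.parsers.expat.ExpatError if the input is not well-formed XML.
    """
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value and no system/public id.
        if system_id is not None or public_id is not None:
            found.append((name, system_id, public_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is set, so expat records the declaration
    # but never opens the resource it points to.
    parser.Parse(svg_bytes, True)
    return found


def safe_to_rasterize(svg_bytes):
    """Hypothetical policy: reject malformed files and any external entity."""
    try:
        return not find_external_entities(svg_bytes)
    except xml.parsers.expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, data in (("benign", BENIGN_SVG), ("xxe", XXE_SVG)):
        print(label, safe_to_rasterize(data), find_external_entities(data))
```
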
Testing complete mga2 64

Before, green square with /etc/passwd in it.
After, green square without.
Whiteboard: has_procedure => has_procedure mga2-64-OK
Testing complete mga2 32

Validating

Advisory & srpm in comment 3

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0006
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Ubuntu has issued an advisory today (January 30):
http://www.ubuntu.com/usn/usn-1712-1/

It fixes this issue as well as CVE-2012-6076. According to Ubuntu, CVE-2012-6076 was also fixed in 0.48.4, so we're good.

from http://lwn.net/Vulnerabilities/535218/