All errata/sisyphus/ALT-PU-2023-8841-1
ALT-PU-2023-8841-1

Package update librsvg in branch sisyphus

Version2.56.3-alt1
Task#325321
Published2023-07-21
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2023-05427
MEDIUM5.5

Уязвимость механизма объединения XML-документов XInclude библиотеки отрисовки векторной графики librsvg, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-09-11Modified: 2024-04-27
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
References
CVE-2023-38633
MEDIUM5.5

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Published: 2023-07-22Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References