Packages
- inkscape - vector-based drawing program
Details
It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)
It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
(CVE-2012-6076)
It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)
It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
(CVE-2012-6076)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 12.10 quantal | inkscape – 0.48.3.1-1ubuntu6.1 | ||
| 12.04 precise | inkscape – 0.48.3.1-1ubuntu1.1 | ||
| 11.10 oneiric | inkscape – 0.48.2-0ubuntu1.1 | ||
| 10.04 lucid | inkscape – 0.47.0-2ubuntu2.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.