[Frugalware-security] [ FSA-140 ] inkscape
voroskoi
noreply at frugalware.org
Wed Mar 28 12:31:11 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-140
Date: 2007-03-28
Package: inkscape
Vulnerable versions: <= 0.45-1
Unaffected versions: >= 0.45.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1857
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464
Description
===========
Some vulnerabilities have been reported in Inkscape, which potentially can be exploited by malicious people to compromise a user's system.
1) A format string error exists in certain dialogs. This can be exploited to execute arbitrary code by tricking the user into opening a specially crafted URI containing format string specifiers.
2) A format string error exists in the Whiteboard Jabber client, which potentially can be exploited to execute arbitrary code. Successful exploitation requires that the user is logged in to a Jabber server.
Updated Packages
================
Check if you have inkscape installed:
# pacman -Q inkscape
If found, then you should upgrade to the latest version:
# pacman -Sy inkscape
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFGCkPvZ7NElSD1VhkRApPCAJ96DaEIlTxKiNaGDAfoCLdh/nU4/ACcDb3w
8UgNHGKKy2AUhP7C6JT8bD0=
=Q0Nc
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list