USN-1712-1: Inkscape vulnerabilities
Ubuntu Security Notice USN-1712-1
30th January, 2013
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Several security issues were fixed in Inkscape.
- inkscape - vector-based drawing program
It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)
It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 12.10:
- inkscape 0.48.3.1-1ubuntu6.1
- Ubuntu 12.04 LTS:
- inkscape 0.48.3.1-1ubuntu1.1
- Ubuntu 11.10:
- inkscape 0.48.2-0ubuntu1.1
- Ubuntu 10.04 LTS:
- inkscape 0.47.0-2ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.