Novell Home

CVE-2012-5656

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-5656 at MITRE

Description

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 794958

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • inkscape-debuginfo >= 0.46-62.38.1
  • inkscape-debugsource >= 0.46-62.38.1
Builds
SAT Patch Nr: 7380
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP2
  • inkscape >= 0.46-62.38.1
  • inkscape-extensions-dia >= 0.46-62.38.1
  • inkscape-extensions-extra >= 0.46-62.38.1
  • inkscape-extensions-fig >= 0.46-62.38.1
  • inkscape-extensions-gimp >= 0.46-62.38.1
  • inkscape-lang >= 0.46-62.38.1
Builds
SAT Patch Nr: 7380
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • inkscape >= 0.43-20.22.1
Builds
ZYPP Patch Nr: 8471

© 2014 Novell