Advisories

Mandriva Advisories

Package name: inkscape
Date: March 22nd, 2007
Advisory ID: MDKSA-2007:069
Affected versions: 2007.0
Synopsis: Updated inkscape packages fix format string vulnerability

Problem Description

Format string vulnerability in Inkscape before 0.45.1 allows
user-assisted remote attackers to execute arbitrary code via format
string specifiers in a URI, which is not properly handled by certain
dialogs.

Updated packages have been patched to address this issue.

Updated Packages

Mandriva Linux 2007

 5f11975b5aeae4ea6ff5c96f2e433baa  2007.0/i586/inkscape-0.44-4.1mdv2007.0.i586.rpm 
 626bb6d54333ee2e86cd13353952b95a  2007.0/SRPMS/inkscape-0.44-4.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 a42bb3246e026d19031a72b963649917  2007.0/x86_64/inkscape-0.44-4.1mdv2007.0.x86_64.rpm 
 626bb6d54333ee2e86cd13353952b95a  2007.0/SRPMS/inkscape-0.44-4.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
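
For a manual download, the checks described above can be scripted. This is an added example, not part of the original advisory or of Mandriva's tooling; the helper names expected_md5 and check_md5 are our own, and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against this advisory's MD5 list,
# then verify its GPG signature with rpm --checksig.

# Checksums copied from the "Updated Packages" section of this advisory.
ADVISORY_SUMS='5f11975b5aeae4ea6ff5c96f2e433baa  2007.0/i586/inkscape-0.44-4.1mdv2007.0.i586.rpm
a42bb3246e026d19031a72b963649917  2007.0/x86_64/inkscape-0.44-4.1mdv2007.0.x86_64.rpm
626bb6d54333ee2e86cd13353952b95a  2007.0/SRPMS/inkscape-0.44-4.1mdv2007.0.src.rpm'

# expected_md5 LIST FILE (helper name is ours): print the checksum LIST gives
# for FILE's basename; exit status 1 if the file is not listed.
expected_md5() {
    printf '%s\n' "$1" | awk -v name="$(basename "$2")" '
        { n = split($2, parts, "/") }
        parts[n] == name { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# check_md5 LIST FILE (helper name is ours): 0 = match, 1 = mismatch, 2 = not listed.
check_md5() {
    want=$(expected_md5 "$1" "$2") || { echo "not in advisory: $2" >&2; return 2; }
    got=$(md5sum < "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ] && return 0
    echo "MD5 mismatch for $2: got $got, advisory says $want" >&2
    return 1
}

# The MD5 sum only shows the file matches the advisory's list; the GPG signature
# checked by rpm --checksig is what ties it to the Mandriva Security Team key.
for pkg in "$@"; do
    check_md5 "$ADVISORY_SUMS" "$pkg" || exit 1
    rpm --checksig "$pkg" || exit 1
done
```

Run it with the downloaded package paths as arguments; import the Mandriva Security Team public key first so that the signature check can succeed.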