Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges. Updated packages are available from security.ubuntu.com.
==========================================================================
Ubuntu Security Notice USN-1206-1
September 13, 2011

librsvg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

SVG image rendering library has had flaws fixed.

Software Description:
- librsvg: Rendering library for SVG files

Details:

Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
  librsvg2-2       2.32.1-0ubuntu3.1
  librsvg2-bin     2.32.1-0ubuntu3.1
  librsvg2-common  2.32.1-0ubuntu3.1
  librsvg2-dev     2.32.1-0ubuntu3.1

Ubuntu 10.10:
  librsvg2-2       2.32.0-0ubuntu1.1
  librsvg2-bin     2.32.0-0ubuntu1.1
  librsvg2-common  2.32.0-0ubuntu1.1
  librsvg2-dev     2.32.0-0ubuntu1.1

Ubuntu 10.04 LTS:
  librsvg2-2       2.26.3-0ubuntu1.1
  librsvg2-bin     2.26.3-0ubuntu1.1
  librsvg2-common  2.26.3-0ubuntu1.1
  librsvg2-dev     2.26.3-0ubuntu1.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1206-1
  CVE-2011-3146

Package Information:
  https://launchpad.net/ubuntu/+source/librsvg/2.32.1-0ubuntu3.1
  https://launchpad.net/ubuntu/+source/librsvg/2.32.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/librsvg/2.26.3-0ubuntu1.1