MDVSA-2012:061 -- Mandriva raptorID: oval:org.secpod.oval:def:302841 | Date: (C)2012-12-20 (M)2024-02-19 |
Class: PATCH | Family: unix |
An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application . The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
Platform: |
Mandriva Linux 2011.0 |
Mandriva Linux 2010.1 |