librsvg could be made to expose sensitive information.
Software Description:
- librsvg: renderer library for SVG files
Details:
Zac Sims discovered that librsvg incorrectly handled decoding URLs. A
remote attacker could possibly use this issue to read arbitrary files by
using an include element.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: librsvg2-2 2.54.5+dfsg-1ubuntu2.1 Ubuntu 22.04 LTS: librsvg2-2 2.52.5+dfsg-3ubuntu0.2 Ubuntu 20.04 LTS: librsvg2-2 2.48.9-1ubuntu0.20.04.4 After a standard system update you need to restart your session to make all the necessary changes.
https://ubuntu.com/security/notices/USN-6266-1
CVE-2023-38633
Get the latest Linux and open source security news straight to your inbox.