Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2023.0126
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2023-0126)
Zusammenfassung:	The remote host is missing an update for the 'python-cairosvg' package(s) announced via the MGASA-2023-0126 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-cairosvg' package(s) announced via the MGASA-2023-0126 advisory. Vulnerability Insight: CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. (CVE-2023-27586) Affected Software/OS: 'python-cairosvg' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.6 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-27586 https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53 https://github.com/Kozea/CairoSVG/releases/tag/2.7.0 https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.