ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0126
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0126)
Resumen:	The remote host is missing an update for the 'python-cairosvg' package(s) announced via the MGASA-2023-0126 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-cairosvg' package(s) announced via the MGASA-2023-0126 advisory. Vulnerability Insight: CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. (CVE-2023-27586) Affected Software/OS: 'python-cairosvg' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.6 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-27586 https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53 https://github.com/Kozea/CairoSVG/releases/tag/2.7.0 https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.