Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2023.5382
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-5382-1)
Summary:	The remote host is missing an update for the Debian 'cairosvg' package(s) announced via the DSA-5382-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'cairosvg' package(s) announced via the DSA-5382-1 advisory. Vulnerability Insight: It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update. For the stable distribution (bullseye), this problem has been fixed in version 2.5.0-1.1+deb11u1. We recommend that you upgrade your cairosvg packages. For the detailed security status of cairosvg please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'cairosvg' package(s) on Debian 11. Solution: Please install the updated package(s). CVSS Score: 6.6 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-27586 https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53 https://github.com/Kozea/CairoSVG/releases/tag/2.7.0 https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.