1. Ubuntu Security Notices
  2. USN-1480-1

USN-1480-1: Raptor vulnerability

Publication date

18 June 2012

Overview

Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.

Releases

Packages

  • raptor - Raptor RDF parser and serializer library

Details

Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user’s system or
potentially execute arbitrary code with the privileges of the user invoking
the program.

Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user’s system or
potentially execute arbitrary code with the privileges of the user invoking
the program.

Update instructions

After a standard system update you need to restart any applications which use Raptor, such as OpenOffice.org or LibreOffice, to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
12.04 precise libraptor1 –  1.4.21-7ubuntu0.1
11.10 oneiric libraptor1 –  1.4.21-5ubuntu0.1
11.04 natty libraptor1 –  1.4.21-2ubuntu0.1
10.04 lucid libraptor1 –  1.4.21-1ubuntu1.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›