1. Ubuntu Security Notices
  2. USN-1901-1

USN-1901-1: Raptor vulnerability

Publication date

8 July 2013

Overview

Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.

Releases

Packages

  • raptor2 - Raptor 2 RDF syntax library

Details

Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user’s system or
potentially execute arbitrary code with the privileges of the user invoking
the program.

Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user’s system or
potentially execute arbitrary code with the privileges of the user invoking
the program.

Update instructions

After a standard system update you need to restart any applications which use Raptor, such as LibreOffice, to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
12.04 precise libraptor2-0 –  2.0.6-1ubuntu0.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›