Forum Thread: Insecure python file within the Inkscape directories

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Inkscape
And, this specific program:
Inkscape 0.x

This thread has been marked as locked.
ParzivalRM Insecure python file within the Inkscape directories
Member 5th Feb, 2014 02:35
Ranking: 13
Posts: 42
User Since: 15th May, 2010
System Score: N/A
Location: AU
Secunia PSI 2.0.0.3003 reports that I had an old version of Python (version 2.7.3150.1013). I downloaded Python 2.6 and installed it, but Secunia still complained.

Then I realised that the insecure file was within the Inkscape installation directories:
* C:\Program Files\Inkscape-0.48\python\python27.dll
When I looked at the Inkscape installation files, there seems to be a full set of Python subdirectories there. I am using 64-bit Windows 7 Pro, and I only downloaded and installed Inkscape 64-bit a couple of hours ago.

So Inkscape has included an old version of Python in its installation --- I haven't seen such a thing for many years! I remember we used to find ancient Flash installers within the software of other programmes.

(I searched the new C:\Python 2.6 installation directories for a file named python27.dll, but C:\Python 2.6 has no file python27.dll anywhere. I was going to try swapping the new for the old, just to see what happened.)

What does one do about this situation?


Maurice Joyce RE: Insecure python file within the Inkscape directories
Handling Contributor 5th Feb, 2014 09:33
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 5th Feb, 2014 09:46
There are many cases where Python is embedded. In most situations it is harmless & requires a database correction by Secunia so that it not detected as vulnerable.

If they do not respond to your thread in a timely manner I would write to them at support@secunia.com & ask them investigate & carry out the adjustment if necessary.

EDIT:
Have you noted that this programme is vulnerable?

https://secunia.com/advisories/41222/

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
This user no longer exists RE: Insecure python file within the Inkscape directories
Secunia Official 7th Feb, 2014 10:26
Hi,

Our filesignatures team has just updated the rules.
Please perform a new scan with the Secunia PSI and see if the issue has been solved.
ParzivalRM RE: Insecure python file within the Inkscape directories
Member 7th Feb, 2014 11:17
Score: 13
Posts: 42
User Since: 15th May 2010
System Score: N/A
Location: AU
I have just rescanned my PC and my notebook, and they are now both 100% --- always a nice result.

Thanks very much Maurice and M. Hansen for sorting this out.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Insecure python file within the Inkscape directories
Handling Contributor 7th Feb, 2014 13:04
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Pleased to see you are all fixed up.

On that basis, I will lock this thread for you sometime tomorrow unless you post back asking for it to be left open.

This will protect your mail box from possible update emails from "tag on" posts

Secunia Support can always reopen threads by applying by email to: support@secunia.com

Have a nice weekend.




--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
ParzivalRM RE: Insecure python file within the Inkscape directories
Member 8th Feb, 2014 00:45
Score: 13
Posts: 42
User Since: 15th May 2010
System Score: N/A
Location: AU
One further point, Maurice, before you close the thread.

I presume, from the advisory you refer to about the insecurities in InkScape, that I am perfectly safe provided that:
* I only work on my own InkScape files on my own computer, or
* I work on downloaded InkScape files, again only on my computer.
The problem seems only to arise when working on files resident on "a remote WebDAV or SMB share".
Was this reply relevant?
+0
-0
Maurice Joyce RE: Insecure python file within the Inkscape directories
Handling Contributor 8th Feb, 2014 02:16
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I am no expert on how it actually affects that programme but I would certainly use it within the parameters you mention.

It is a very old vulnerability dated back to 1/9/2010.

I was under the impression from your previous post that Secunia was now showing your Inkscape as up to date & you have a 100% score?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
ParzivalRM RE: Insecure python file within the Inkscape directories
Member 8th Feb, 2014 05:03
Score: 13
Posts: 42
User Since: 15th May 2010
System Score: N/A
Location: AU
Yes, Secunia is indeed 100%, with a very pleasant green colour. I was just following up on your earlier comment:
"Have you noted that this programme [InkScape] is vulnerable? https://secunia.com/advisories/41222"
and I thank you for that warning, because I didn't know that there was a problem.

I reckon that you can close this thread now.
Was this reply relevant?
+0
-0

This thread has been marked as locked.