Updated librsvg and gtk+3.0 packages fix security vulnerability: librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference . For Business Server 1 gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.