Wednesday, March 25, 2015

[USN-2548-1] Batik vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVErIeAAoJEGVp2FWnRL6T6foQAKT6gZTrXiea3spJVu/12p/U
CQaoB9swltYm73QdOF0po787Kg6YahIvrHZoFCHGPKiA68YwCk/ZtmbshYFsC5w8
MQoDGXHFhBF9zctfhvLoVHEmxLkQA1sbXLQcIRCr1Rsw9xyc95L5fT/O1FABZNtS
dheSSihK2YZ6TTguYxh4FGYdLnVTzhJI/O8Te0E8h1l7BSiD1KocMypKWB8dsUzb
DzCL6yqkXS6NHFlR3inYnyBnPe35R8StZ0qwh755r3tNtqmGByCFrKpcoGfwY7Qb
tCYd4NUcFqYUmaEynu9VzK2qu3yQAyB0z6Bz8AHVWij7/cC32qoy4BmA8gK4ySTb
0P0WxVNe9nWEq57MNuzNc9yC14auzEVhOwWfZal/D3d5X5qnHfcijF8HfJRlPqs1
LNdbJnqyRmfHAksQn0AW0v/bJEjq23x2WC71gSUa/PfT9HmBA0MTyD3zoH0H40sy
RLSesFuw2YWkH8oE8dqBZIMspVTDgN1GMev3dEuuhd3jPAsPvKh++cEPFV9z7U/U
9ECb0/Wpcu4XlTBJiD8y6m7JMd1g+3uiY0j8UngXR2r8QFOmmLmRcA9WhlHHp/ZD
2rYFvdh1bS6sEW8vR/ukC+57+njF2yGUrM0RYrFlHT2DfHUSKf+XlyiyrUQyeqEg
4y36LysPvyOM7Z9SdoFN
=MA86
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2548-1
March 25, 2015

batik vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Batik could be made to consume resources or expose sensitive information.

Software Description:
- batik: xml.apache.org SVG Library

Details:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1

Ubuntu 14.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1

Ubuntu 12.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2548-1
CVE-2015-0250

Package Information:
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.10.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu1.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)