You are here
Home > Preporuke > Ranjivost programskog paketa batik

Ranjivost programskog paketa batik

by ncert - 0
  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2548-1
March 25, 2015

batik vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Batik could be made to consume resources or expose sensitive information.

Software Description:
– batik: xml.apache.org SVG Library

Details:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1

Ubuntu 14.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1

Ubuntu 12.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2548-1
CVE-2015-0250

Package Information:
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.10.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVErIeAAoJEGVp2FWnRL6T6foQAKT6gZTrXiea3spJVu/12p/U
CQaoB9swltYm73QdOF0po787Kg6YahIvrHZoFCHGPKiA68YwCk/ZtmbshYFsC5w8
MQoDGXHFhBF9zctfhvLoVHEmxLkQA1sbXLQcIRCr1Rsw9xyc95L5fT/O1FABZNtS
dheSSihK2YZ6TTguYxh4FGYdLnVTzhJI/O8Te0E8h1l7BSiD1KocMypKWB8dsUzb
DzCL6yqkXS6NHFlR3inYnyBnPe35R8StZ0qwh755r3tNtqmGByCFrKpcoGfwY7Qb
tCYd4NUcFqYUmaEynu9VzK2qu3yQAyB0z6Bz8AHVWij7/cC32qoy4BmA8gK4ySTb
0P0WxVNe9nWEq57MNuzNc9yC14auzEVhOwWfZal/D3d5X5qnHfcijF8HfJRlPqs1
LNdbJnqyRmfHAksQn0AW0v/bJEjq23x2WC71gSUa/PfT9HmBA0MTyD3zoH0H40sy
RLSesFuw2YWkH8oE8dqBZIMspVTDgN1GMev3dEuuhd3jPAsPvKh++cEPFV9z7U/U
9ECb0/Wpcu4XlTBJiD8y6m7JMd1g+3uiY0j8UngXR2r8QFOmmLmRcA9WhlHHp/ZD
2rYFvdh1bS6sEW8vR/ukC+57+njF2yGUrM0RYrFlHT2DfHUSKf+XlyiyrUQyeqEg
4y36LysPvyOM7Z9SdoFN
=MA86
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-03-0015-ADV
CveCVE-2015-0250
ID izvornikaUSN-2548-1
Proizvodbatik
Izvorhttp://www.ubuntu.com
ncert
Top
More in Preporuke
Ranjivosti programskog paketa firefox

Otkrivene su dvije ranjivosti u web pregledniku Firefox za openSUSE. Prva ranjivost nalazila se u JIT-u (just-in-time compilation), a može...

Close