Mageia 2021-0168: batik security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2021-0168 - Updated batik packages fix security vulnerabilities

Publication date: 02 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0168.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-17566,
     CVE-2020-11987

A flaw was found in the Apache Batik library, where it is vulnerable to a
Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes. This
flaw allows an attacker to cause the underlying server to make arbitrary GET
requests. The highest threat from this vulnerability is to system integrity
(CVE-2019-17566).

The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that
allow an attacker to cause the underlying server to make arbitrary GET requests
(CVE-2020-11987).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26800
- https://www.openwall.com/lists/oss-security/2021/02/24/2
- https://xmlgraphics.apache.org/security.html
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/N3V3MJVGDUNTVPXXGYR335PZJJK7LDXC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11987

SRPMS:
- 7/core/batik-1.13-1.3.mga7

Mageia 2021-0168: batik security update

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes

Summary

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity (CVE-2019-17566).
The Apache Batik library is vulnerable to SSRF via the NodePickerPanel that allow an attacker to cause the underlying server to make arbitrary GET requests (CVE-2020-11987).

References

- https://bugs.mageia.org/show_bug.cgi?id=26800

- https://www.openwall.com/lists/oss-security/2021/02/24/2

- https://xmlgraphics.apache.org/security.html

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/N3V3MJVGDUNTVPXXGYR335PZJJK7LDXC/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11987

Resolution

MGASA-2021-0168 - Updated batik packages fix security vulnerabilities

SRPMS

- 7/core/batik-1.13-1.3.mga7

Severity
Publication date: 02 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0168.html
Type: security
CVE: CVE-2019-17566, CVE-2020-11987

Related News

How OpenSSF Aims to Make Log4j-Like Incidents Rare

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices

Linux 6.3 To Support Pluton's CRB TPM2 On AMD Ryzen CPUs

7 Mistakes New Linux Users Make (and How to Avoid Them)

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy