
Mageia 9: 2024-0068 critical: batik SSRF threat resolved

March 16, 2024
Updated batik packages for Mageia 9 fix SSRF vulnerabilities in Batik of Apache XML Graphics.

Summary

The updated packages fix security vulnerabilities:

- Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. (CVE-2022-38398)

- Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. (CVE-2022-38648)

- Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. (CVE-2022-40146)

- A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. (CVE-2022-41704)

- A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. (CVE-2022-42890)

References

- https://bugs.mageia.org/show_bug.cgi?id=30882

- https://www.openwall.com/lists/oss-security/2022/09/22/2

- https://www.openwall.com/lists/oss-security/2022/09/22/3

- https://www.openwall.com/lists/oss-security/2022/09/22/4

- https://www.openwall.com/lists/oss-security/2022/10/25/2

- https://www.openwall.com/lists/oss-security/2022/10/25/3

- https://ubuntu.com/security/notices/USN-6117-1

- https://www.cve.org/CVERecord?id=CVE-2022-38398

- https://www.cve.org/CVERecord?id=CVE-2022-38648

- https://www.cve.org/CVERecord?id=CVE-2022-40146

- https://www.cve.org/CVERecord?id=CVE-2022-41704

- https://www.cve.org/CVERecord?id=CVE-2022-42890

Resolution

SRPMS

- 9/core/batik-1.14-4.1.mga9

Severity: critical

Publication date: 16 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0068.html
Type: security
CVE: CVE-2022-38398, CVE-2022-38648, CVE-2022-40146, CVE-2022-41704, CVE-2022-42890
