Explore top 10 tips to secure your open-source projects now. Read More
×
Batik could be made to consume resources or expose sensitive information.
Software Description:
- batik: xml.apache.org SVG Library
Details:
Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1 Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1 Ubuntu 12.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu1.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2548-1
CVE-2015-0250
Get the latest Linux and open source security news straight to your inbox.