Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 2548-1: Advisory on Batik Resource Usage (CVE-2015-0250, Moderate)

ubuntu
Calendar Grey March 25, 2015
Dist Ubuntu Esm H88
To address potential data exposure or resource overuse with Batik on Ubuntu, follow these essential steps for a secure and updated installation
Batik could be made to consume resources or expose sensitive information.

Summary

Batik could be made to consume resources or expose sensitive information.

Software Description:

- batik: xml.apache.org SVG Library

Details:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML

external entities by default. If a user or automated system were tricked

into opening a specially crafted SVG file, an attacker could possibly

obtain access to arbitrary files or cause resource consumption.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libbatik-java                   1.7.ubuntu-8ubuntu2.14.10.1

Ubuntu 14.04 LTS:
  libbatik-java                   1.7.ubuntu-8ubuntu2.14.04.1

Ubuntu 12.04 LTS:
  libbatik-java                   1.7.ubuntu-8ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2548-1

CVE-2015-0250

March 25, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.