[ MDVSA-2015:203 ] batik

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:203
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : batik
 Date    : April 10, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated batik packages fix a security vulnerability:
 
 Nicolas Gregoire and Kevin Schaller discovered that Batik would load
 XML external entities by default. If a user or automated system were
 tricked into opening a specially crafted SVG file, an attacker could
 possibly obtain access to arbitrary files or cause resource consumption
 (CVE-2015-0250).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250
 http://advis
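
Added example (not part of the advisory, and not Batik's code or the fix shipped in the updated packages): a Java pre-screen that a service could run before handing untrusted SVG to a renderer, using the JDK's built-in JAXP parser configured to refuse DOCTYPE declarations and external entities. The class name SvgPreScreen, its methods and both sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class SvgPreScreen {
    // Build a SAX parser that refuses any DOCTYPE, so no entity can be
    // declared at all, and that would not fetch external entities or DTDs.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f.newSAXParser();
    }

    // Returns true only if the SVG parses cleanly under the hardened settings.
    static boolean isAcceptable(byte[] svg) throws Exception {
        try {
            hardenedParser().parse(new ByteArrayInputStream(svg), new DefaultHandler());
            return true;
        } catch (SAXException e) {
            return false; // DOCTYPE present or malformed XML: do not render
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; the entity target is a placeholder path that
        // is never resolved because the DOCTYPE itself is rejected.
        String benign = "<svg xmlns=\"http://www.w3.org/2000/svg\"><text>ok</text></svg>";
        String withEntity =
              "<!DOCTYPE svg [<!ENTITY e SYSTEM \"file:///constructed/placeholder\">]>"
            + "<svg xmlns=\"http://www.w3.org/2000/svg\"><text>&e;</text></svg>";
        System.out.println("benign accepted:  "
            + isAcceptable(benign.getBytes(StandardCharsets.UTF_8)));
        System.out.println("DOCTYPE accepted: "
            + isAcceptable(withEntity.getBytes(StandardCharsets.UTF_8)));
    }
}
```

Rejecting every DOCTYPE also turns away legitimate SVG files that carry the SVG 1.1 DTD declaration, so this check is defence in depth alongside installing the updated packages, not a replacement for them.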
