USN-2548-1: Batik vulnerability

Ubuntu Security Notice USN-2548-1

25th March, 2015

batik vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Batik could be made to consume resources or expose sensitive information.

Software description

  • batik
    – xml.apache.org SVG Library

Details

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.
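
A pre-screening check for the issue described above, as an added example that is not part of the original notice or of Batik's code: it lists the ENTITY declarations in an SVG's DOCTYPE using Python's expat bindings, without fetching or expanding anything. The helper name and the sample documents are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample documents (not taken from the advisory).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
EXTERNAL_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///constructed/sample.txt"> ]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'
)


class _PrologDone(Exception):
    """Raised by a handler to stop parsing once the prolog has been seen."""


def svg_entity_findings(data):
    """List the ENTITY declarations in an SVG's DOCTYPE (hypothetical helper).

    Nothing is fetched: no ExternalEntityRefHandler is installed, and parsing
    stops before the document body, so no entity is ever expanded.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:
            findings.append("external entity %r -> %s" % (name, system_id))
        else:
            findings.append("internal entity %r" % name)

    def stop(*_args):
        raise _PrologDone  # end of DOCTYPE, or first element if there is none

    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = stop
    parser.StartElementHandler = stop
    try:
        parser.Parse(data, True)
    except _PrologDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append("unparseable XML: %s" % exc)
    return findings


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("external", EXTERNAL_SVG)):
        print(label, svg_entity_findings(doc) or "no entity declarations")
```

A non-empty result is a reason to hold the file back from any Batik instance that has not yet received the update listed below.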

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1
Ubuntu 14.04 LTS:
  libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1
Ubuntu 12.04 LTS:
  libbatik-java 1.7.ubuntu-8ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0250
