Ubuntu Security Notice USN-2548-1
25th March, 2015
batik vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Batik could be made to consume resources or expose sensitive information.
Software description
- batik
– xml.apache.org SVG Library
Details
Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
libbatik-java
1.7.ubuntu-8ubuntu2.14.10.1
- Ubuntu 14.04 LTS:
-
libbatik-java
1.7.ubuntu-8ubuntu2.14.04.1
- Ubuntu 12.04 LTS:
-
libbatik-java
1.7.ubuntu-8ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.