Advisories » MGASA-2015-0138

Updated batik packages fix security vulnerabilities

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0250

Description

Updated batik packages fix security vulnerability:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked into
opening a specially crafted SVG file, an attacker could possibly obtain access
to arbitrary files or cause resource consumption (CVE-2015-0250).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15566
• http://openwall.com/lists/oss-security/2015/03/17/4
• http://www.ubuntu.com/usn/usn-2548-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250

SRPMS

4/core

• batik-1.8-0.1.svn1230816.10.mga4