Updated batik packages fix security vulnerabilities
Publication date: 09 Apr 2015Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0250
Description
Updated batik packages fix security vulnerability: Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption (CVE-2015-0250).
References
SRPMS
4/core
- batik-1.8-0.1.svn1230816.10.mga4