Advisories ยป MGASA-2015-0138

Updated batik packages fix security vulnerabilities

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0250

Description

Updated batik packages fix security vulnerability:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked into
opening a specially crafted SVG file, an attacker could possibly obtain access
to arbitrary files or cause resource consumption (CVE-2015-0250).
                

References

SRPMS

4/core