Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Batik
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Batik
ID: USN-2548-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Datum: Mi, 25. März 2015, 15:57
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250
Applikationen: Batik

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2147518765877638804==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2548-1
March 25, 2015

batik vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Batik could be made to consume resources or expose sensitive information.

Software Description:
- batik: xml.apache.org SVG Library

Details:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1

Ubuntu 14.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1

Ubuntu 12.04 LTS:
libbatik-java 1.7.ubuntu-8ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2548-1
CVE-2015-0250

Package Information:
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.10.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.1
https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu1.1



--eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVErIeAAoJEGVp2FWnRL6T6foQAKT6gZTrXiea3spJVu/12p/U
CQaoB9swltYm73QdOF0po787Kg6YahIvrHZoFCHGPKiA68YwCk/ZtmbshYFsC5w8
MQoDGXHFhBF9zctfhvLoVHEmxLkQA1sbXLQcIRCr1Rsw9xyc95L5fT/O1FABZNtS
dheSSihK2YZ6TTguYxh4FGYdLnVTzhJI/O8Te0E8h1l7BSiD1KocMypKWB8dsUzb
DzCL6yqkXS6NHFlR3inYnyBnPe35R8StZ0qwh755r3tNtqmGByCFrKpcoGfwY7Qb
tCYd4NUcFqYUmaEynu9VzK2qu3yQAyB0z6Bz8AHVWij7/cC32qoy4BmA8gK4ySTb
0P0WxVNe9nWEq57MNuzNc9yC14auzEVhOwWfZal/D3d5X5qnHfcijF8HfJRlPqs1
LNdbJnqyRmfHAksQn0AW0v/bJEjq23x2WC71gSUa/PfT9HmBA0MTyD3zoH0H40sy
RLSesFuw2YWkH8oE8dqBZIMspVTDgN1GMev3dEuuhd3jPAsPvKh++cEPFV9z7U/U
9ECb0/Wpcu4XlTBJiD8y6m7JMd1g+3uiY0j8UngXR2r8QFOmmLmRcA9WhlHHp/ZD
2rYFvdh1bS6sEW8vR/ukC+57+njF2yGUrM0RYrFlHT2DfHUSKf+XlyiyrUQyeqEg
4y36LysPvyOM7Z9SdoFN
=MA86
-----END PGP SIGNATURE-----

--eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD--


--===============2147518765877638804==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2147518765877638804==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung