Security: Information disclosure in Batik

Name: Information disclosure in Batik
ID: DSA-3205-1
Distribution: Debian
Platforms: Debian wheezy
Date: Fri, 27 March 2015, 12:10
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250
Applications: Batik

Original message
Debian Security Advisory DSA-3205-1
security@debian.org
http://www.debian.org/security/
Sebastien Delafond
March 27, 2015
http://www.debian.org/security/faq

Package : batik
CVE ID : CVE-2015-0250
Debian Bug : 780897

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
For the stable distribution (wheezy), this problem has been fixed in version 1.7+dfsg-3+deb7u1.
For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7+dfsg-5.
We recommend that you upgrade your batik packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
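
A way to pre-screen untrusted SVG files for the external references the advisory describes, before they reach Batik or another XML consumer. This is an added example, not part of the Debian advisory or of Batik; the function name and the sample documents are constructed for illustration, and the check complements the package upgrade rather than replacing it.

```python
import xml.parsers.expat as expat

class _StopAtRoot(Exception):
    """Ends parsing once the prolog, the only place entities are declared, is over."""

def external_references(svg_bytes):
    """Return (kind, name, system_id) tuples for external DTD/entity declarations.

    Nothing is fetched: pyexpat only reports declarations, because no
    ExternalEntityRefHandler is installed here.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        if value is None:  # external entities have a system id instead of a value
            kind = "external-parameter-entity" if is_parameter else "external-entity"
            findings.append((kind, name, system_id))

    def on_root(name, attrs):
        raise _StopAtRoot  # stop before any entity reference in content is expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(svg_bytes, True)
    except _StopAtRoot:
        pass
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))  # reject what cannot be parsed
    return findings

# Constructed sample inputs (not taken from the advisory).
CLEAN = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'
CRAFTED = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE svg [<!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">]>\n'
           b'<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("crafted", CRAFTED)):
        print(label, external_references(doc))
```

Files that carry the standard W3C SVG DOCTYPE are reported as `external-dtd`, so a caller that wants to accept them needs its own allow-list of system identifiers.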