Preisgabe von Informationen in Batik
ID: | USN-2548-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
Datum: | Mi, 25. März 2015, 15:57 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250 |
Applikationen: | Batik |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2147518765877638804== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2548-1 March 25, 2015 batik vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Batik could be made to consume resources or expose sensitive information. Software Description: - batik: xml.apache.org SVG Library Details: Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libbatik-java 1.7.ubuntu-8ubuntu2.14.10.1 Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.1 Ubuntu 12.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu1.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2548-1 CVE-2015-0250 Package Information: https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.10.1 https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/batik/1.7.ubuntu-8ubuntu1.1 --eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVErIeAAoJEGVp2FWnRL6T6foQAKT6gZTrXiea3spJVu/12p/U CQaoB9swltYm73QdOF0po787Kg6YahIvrHZoFCHGPKiA68YwCk/ZtmbshYFsC5w8 MQoDGXHFhBF9zctfhvLoVHEmxLkQA1sbXLQcIRCr1Rsw9xyc95L5fT/O1FABZNtS dheSSihK2YZ6TTguYxh4FGYdLnVTzhJI/O8Te0E8h1l7BSiD1KocMypKWB8dsUzb DzCL6yqkXS6NHFlR3inYnyBnPe35R8StZ0qwh755r3tNtqmGByCFrKpcoGfwY7Qb tCYd4NUcFqYUmaEynu9VzK2qu3yQAyB0z6Bz8AHVWij7/cC32qoy4BmA8gK4ySTb 0P0WxVNe9nWEq57MNuzNc9yC14auzEVhOwWfZal/D3d5X5qnHfcijF8HfJRlPqs1 LNdbJnqyRmfHAksQn0AW0v/bJEjq23x2WC71gSUa/PfT9HmBA0MTyD3zoH0H40sy RLSesFuw2YWkH8oE8dqBZIMspVTDgN1GMev3dEuuhd3jPAsPvKh++cEPFV9z7U/U 9ECb0/Wpcu4XlTBJiD8y6m7JMd1g+3uiY0j8UngXR2r8QFOmmLmRcA9WhlHHp/ZD 2rYFvdh1bS6sEW8vR/ukC+57+njF2yGUrM0RYrFlHT2DfHUSKf+XlyiyrUQyeqEg 4y36LysPvyOM7Z9SdoFN =MA86 -----END PGP SIGNATURE----- --eIUBpNjSrAQs1ohudtkpMuQ9A96FVdbJD-- --===============2147518765877638804== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============2147518765877638804==-- |