USN-3280-1: Apache Batik vulnerability
USN-3280-1: Apache Batik vulnerability
Ubuntu Security Notice USN-3280-1
9th May, 2017
batik vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Summary
Apache Batik would allow unintended access to files over the network or could be made to crash.
Software description
Details
Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly
handled XML external entities. A remote attacker could possibly use this
issue to obtain sensitive files from the filesystem, or cause a denial of
service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 14.04 LTS:
- libbatik-java 1.7.ubuntu-8ubuntu2.14.04.2
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
In general, a standard system update will make all the necessary changes.
References
from Ubuntu Security Notices http://ift.tt/2q0gRYg