Site icon 지락문화예술공작단

USN-3280-1: Apache Batik vulnerability

USN-3280-1: Apache Batik vulnerability

Ubuntu Security Notice USN-3280-1

9th May, 2017

batik vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Summary

Apache Batik would allow unintended access to files over the network or
could be made to crash.

Software description

Details

Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly
handled XML external entities. A remote attacker could possibly use this
issue to obtain sensitive files from the filesystem, or cause a denial of
service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
libbatik-java

1.7.ubuntu-8ubuntu2.14.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-5662

Source: USN-3280-1: Apache Batik vulnerability

Exit mobile version