Lucene search

Gentoo FoundationMGASA-2015-0138

HistoryApr 10, 2015 - 1:44 a.m.

Updated batik packages fix security vulnerabilities

2015-04-1001:44:14

Gentoo Foundation

advisories.mageia.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

Updated batik packages fix security vulnerability: Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption (CVE-2015-0250).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchbatik< 1.8-0.1.svn1230816.10batik-1.8-0.1.svn1230816.10.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	batik	< 1.8-0.1.svn1230816.10	batik-1.8-0.1.svn1230816.10.mga4

References

openwall.com/lists/oss-security/2015/03/17/4

www.ubuntu.com/usn/usn-2548-1/

bugs.mageia.org/show_bug.cgi?id=15566

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

Related for MGASA-2015-0138