MGASA-2015-0138

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0138.html

Import Source

https://advisories.mageia.org/MGASA-2015-0138.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0138

Related

CVE-2015-0250

Published

2015-04-09T22:44:14Z

Modified

2015-04-09T22:28:08Z

Summary

Updated batik packages fix security vulnerabilities

Details

Updated batik packages fix security vulnerability:

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption (CVE-2015-0250).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / batik

Package

Name: batik
Purl: pkg:rpm/mageia/batik?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8-0.1.svn1230816.10.mga4

Ecosystem specific

{
    "section": "core"
}