Package "batik"
Name: |
batik
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- xml.apache.org SVG Library
|
Latest version: |
1.12-1ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "batik" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
batik (1.12-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Server-Side Request Forgery
- debian/patches/CVE-2019-17566.patch: BATIK-1276: Allow blocking of
external resources.
- debian/patches/CVE-2020-11987.patch: BATIK-1284: Dont load DTDs in
NodePickerPanel.
- debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
blocked by DefaultExternalResourceSecurity.
- debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
resource before calling fop.
- debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
blocked by DefaultScriptSecurity.
- debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
inside svg.
- debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
classes can be run thru rhino.
- CVE-2019-17566
- CVE-2020-11987
- CVE-2022-38398
- CVE-2022-38648
- CVE-2022-40146
- CVE-2022-41704
- CVE-2022-42890
-- Paulo Flabiano Smorigo <email address hidden> Tue, 23 May 2023 15:47:40 -0300
|
CVE-2019-17566 |
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-c |
CVE-2020-11987 |
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-craf |
CVE-2022-38398 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue a |
CVE-2022-38648 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects A |
CVE-2022-40146 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affec |
CVE-2022-41704 |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics pri |
CVE-2022-42890 |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML |
|
About
-
Send Feedback to @ubuntu_updates