Package "libbatik-java"
Name: |
libbatik-java
|
Description: |
xml.apache.org SVG Library
|
Latest version: |
1.14-1ubuntu0.2 |
Release: |
jammy (22.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
batik |
Homepage: |
https://xmlgraphics.apache.org/batik/ |
Links
Download "libbatik-java"
Other versions of "libbatik-java" in Jammy
Changelog
batik (1.14-1ubuntu0.2) jammy-security; urgency=medium
- debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
blocked by DefaultExternalResourceSecurity.
- debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
resource before calling fop.
- debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
blocked by DefaultScriptSecurity.
- debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
inside svg.
- debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
classes can be run thru rhino.
- CVE-2022-38398
- CVE-2022-38648
- CVE-2022-40146
- CVE-2022-41704
- CVE-2022-42890
-- Paulo Flabiano Smorigo <email address hidden> Tue, 23 May 2023 15:45:29 -0300
|
CVE-2022-38398 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue a |
CVE-2022-38648 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects A |
CVE-2022-40146 |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affec |
CVE-2022-41704 |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics pri |
CVE-2022-42890 |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML |
|
About
-
Send Feedback to @ubuntu_updates