UbuntuUpdates.org

Package "libbatik-java"

Name: libbatik-java

Description:

xml.apache.org SVG Library

Latest version: 1.14-1ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: batik
Homepage: https://xmlgraphics.apache.org/batik/

Links


Download "libbatik-java"


Other versions of "libbatik-java" in Jammy

Repository Area Version
base universe 1.14-1
security universe 1.14-1ubuntu0.2

Changelog

Version: 1.14-1ubuntu0.2 2023-05-25 22:07:06 UTC

  batik (1.14-1ubuntu0.2) jammy-security; urgency=medium

    - debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
      blocked by DefaultExternalResourceSecurity.
    - debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
      resource before calling fop.
    - debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
      blocked by DefaultScriptSecurity.
    - debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
      inside svg.
    - debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
      classes can be run thru rhino.
    - CVE-2022-38398
    - CVE-2022-38648
    - CVE-2022-40146
    - CVE-2022-41704
    - CVE-2022-42890

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 23 May 2023 15:45:29 -0300

CVE-2022-38398 Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue a
CVE-2022-38648 Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects A
CVE-2022-40146 Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affec
CVE-2022-41704 A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics pri
CVE-2022-42890 A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML



About   -   Send Feedback to @ubuntu_updates