Security Information / 2018 / Security Information -- DSA-4215-1 batik

Debian Security Advisory

DSA-4215-1 batik -- security update

Date Reported:

02 Jun 2018

Affected Packages:

batik

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 860566, Bug 899374.
In Mitre's CVE dictionary: CVE-2017-5662, CVE-2018-8013.

More information:

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1.

We recommend that you upgrade your batik packages.

For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik