USN-2548-1: Batik vulnerability
25 March 2015
Batik could be made to consume resources or expose sensitive information.
- batik - xml.apache.org SVG Library
Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML
external entities by default. If a user or automated system were tricked
into opening a specially crafted SVG file, an attacker could possibly
obtain access to arbitrary files or cause resource consumption.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.