VARIoT IoT vulnerabilities database
| VAR-202006-0238 | CVE-2020-14095 | Xiaomi R3600 Injection vulnerabilities in routers |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Xiaomi router R3600, ROM version < 1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. The Xiaomi R3600 router contains an injection vulnerability: information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Xiaomi R3600 is a wireless router of China's Xiaomi Technology (Xiaomi) company.
There are security vulnerabilities in Xiaomi R3600 ROM versions before 1.0.20. A remote attacker can use this vulnerability to execute code.
| VAR-202006-0237 | CVE-2020-14094 | Xiaomi R3600 Injection vulnerabilities in routers |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Xiaomi router R3600, ROM version < 1.0.20, the connection service can be injected through the web interface, resulting in a stack overflow or remote code execution. The Xiaomi R3600 router contains an injection vulnerability: information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Xiaomi R3600 is a wireless router of China's Xiaomi Technology (Xiaomi) company.
There are security vulnerabilities in Xiaomi R3600 ROM versions before 1.0.20. A remote attacker can use this vulnerability to execute code.
| VAR-202006-1682 | CVE-2020-6870 | ZTE U31R20 Product vulnerabilities |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
The version V12.17.20T115 of the ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115. The ZTE U31R20 product contains unspecified vulnerabilities: information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. ZTE U31R20 is a network management product of China's ZTE Corporation.
There are security vulnerabilities in the ZTE U31R20 V12.17.20T115 version.
| VAR-202006-0272 | CVE-2020-10276 | Vulnerability in using hard-coded credentials in multiple products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens), though the laser scanner configuration can also be affected, further altering the safety of the device. Several products contain vulnerabilities in the use of hard-coded credentials: information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-202006-0270 | CVE-2020-10274 | Information leak vulnerabilities in multiple products |
CVSS V2: 5.5 CVSS V3: 7.1 Severity: HIGH |
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database. Information leakage vulnerabilities exist in multiple products: information may be obtained and tampered with.
| VAR-202006-0268 | CVE-2020-10272 | Multiple MiR products: vulnerability regarding lack of authentication for critical functions |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages, exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at will. Multiple MiR products contain vulnerabilities related to lack of authentication for critical functions: information may be obtained or tampered with, and the robot may be put into a denial-of-service (DoS) state.
| VAR-202006-0266 | CVE-2020-10270 | Multiple MiR products: vulnerability in the use of hard-coded credentials |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Over the wired and wireless interfaces of MiR100, MiR200 and other vehicles from the MiR fleet, it is possible to access the Control Dashboard on a hardcoded IP address. Credentials for this interface default to well-known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborate attacks can also be mounted by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200, but according to the vendor it might also apply to MiR250, MiR500 and MiR1000. Multiple MiR products contain a vulnerability in the use of hard-coded credentials: information may be obtained or tampered with, and the robot may be put into a denial-of-service (DoS) state.
| VAR-202006-0259 | CVE-2020-10279 | MiR robot controller: vulnerability in improper default permissions |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
MiR robot controllers (central computation unit) make use of Ubuntu 16.04.2, an operating system intended for desktop use; this operating system presents insecure defaults for robots. These insecurities include ways for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations, and defaults that facilitate Denial of Service (DoS) attacks. The MiR robot controller contains a vulnerability regarding improper default permissions: information may be obtained or tampered with, and the controller may be put into a denial-of-service (DoS) state.
| VAR-202006-1859 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31725) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1868 | No CVE | The KingView web data transmission service has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1858 | No CVE | Denial of service vulnerability exists in KingView web data transmission service (CNVD-2020-31722) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1869 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31723) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1866 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31724) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-1862 | No CVE | The KingView web data transmission service has a denial of service vulnerability (CNVD-2020-31721) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
There is a denial of service vulnerability in KingView's web data transmission service. Attackers can use this vulnerability to launch remote denial of service attacks.
| VAR-202006-0022 | CVE-2020-10624 | ControlEdge PLC and RTU: vulnerability in plaintext transmission of sensitive information |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose a session token on the network. ControlEdge PLC and RTU contain a vulnerability in the transmission of sensitive information in clear text: information may be obtained. Honeywell ControlEdge PLC and ControlEdge RTU are products of the American company Honeywell. ControlEdge PLC is a programmable logic controller (PLC). ControlEdge RTU is a remote terminal unit (RTU).
| VAR-202006-0005 | CVE-2020-10628 | ControlEdge PLC and RTU: vulnerability in plaintext transmission of sensitive information |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose unencrypted passwords on the network. ControlEdge PLC and RTU contain a vulnerability in the transmission of sensitive information in clear text: information may be obtained. Honeywell ControlEdge PLC and ControlEdge RTU are products of the American company Honeywell. ControlEdge PLC is a programmable logic controller (PLC). ControlEdge RTU is a remote terminal unit (RTU).
| VAR-202006-1005 | CVE-2020-14993 | Multiple DrayTek devices: out-of-bounds write vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. DrayTek Vigor2960, Vigor3900 and Vigor300B devices are vulnerable to out-of-bounds writes: information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in DrayTek Vigor2960, Vigor3900 and Vigor300B versions before 1.5.1.1.
| VAR-202006-1511 | CVE-2020-5594 | Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX series CPU modules: vulnerability in plaintext communication with GX Works3 and GX Works2 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, all versions, contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. Mitsubishi Electric MELSEC iQ-R series, etc. are all programmable logic controllers of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
There are security vulnerabilities in many Mitsubishi Electric products. The vulnerabilities stem from the use of clear text communication between the CPU module and GX Works3 or GX Works2. Attackers can use the vulnerabilities to eavesdrop on or tamper with communication data, perform unauthorized operations, and cause denial of service.
| VAR-202006-0988 | CVE-2020-14965 | TP-Link TL-WR740N and TL-WR740ND Injection vulnerabilities in devices |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. TP-Link TL-WR740N and TL-WR740ND devices contain an injection vulnerability: information may be obtained and tampered with. TP-Link TL-WR740N and TP-Link TL-WR740ND are both wireless routers of China's TP-Link company.
There are security vulnerabilities in TP-Link TL-WR740N v4 and TL-WR740ND v4.
| VAR-202011-1478 | CVE-2019-17566 | Apache Batik Server-side Request Forgery Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Pillow is a Python-based image processing library.
There is currently no further information about this vulnerability; follow CNNVD or vendor announcements for updates.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Installation instructions are available from the Fuse 7.8.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
4. Bugs fixed (https://bugzilla.redhat.com/):
1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
1801149 - CVE-2019-13990 libquartz: XXE attacks via job description
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability
1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution
1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could lead to remote code execution
1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could lead to remote code execution
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers
1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs
1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components
1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS
1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass
1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Decision Manager 7.9.0 security update
Advisory ID: RHSA-2020:4960-01
Product: Red Hat Decision Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4960
Issue date: 2020-11-05
CVE Names: CVE-2019-14900 CVE-2019-17566 CVE-2020-1748
CVE-2020-1945 CVE-2020-1954 CVE-2020-2875
CVE-2020-2933 CVE-2020-2934 CVE-2020-10683
CVE-2020-10693 CVE-2020-10714
=====================================================================
1. Summary:
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat Decision Manager is an open source decision management platform
that combines business rules management, complex event processing, Decision
Model & Notation (DMN) execution, and Business Optimizer for solving
planning problems. It automates business decisions and makes that logic
available to the entire business.
This release of Red Hat Decision Manager 7.9.0 serves as an update to Red
Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which
are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when
using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser
(CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of
constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication
(CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access
via multiple protocols to compromise MySQL Connectors which could result in
unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access
via multiple protocols to compromise MySQL Connectors which could result in
unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access
via multiple protocols to compromise MySQL Connectors which could result in
unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For on-premise installations, before applying the update, back up your
existing installation, including all applications, configuration files,
databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update; after installing the update,
restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must
log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
5. References:
https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2019-17566
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1945
https://access.redhat.com/security/cve/CVE-2020-1954
https://access.redhat.com/security/cve/CVE-2020-2875
https://access.redhat.com/security/cve/CVE-2020-2933
https://access.redhat.com/security/cve/CVE-2020-2934
https://access.redhat.com/security/cve/CVE-2020-10683
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhdm&version=7.9.0
https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
=========================================================================
Ubuntu Security Notice USN-6117-1
May 30, 2023
batik vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Apache Batik. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)
It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)
It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. (CVE-2022-41704, CVE-2022-42890)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libbatik-java 1.14-2ubuntu0.1
Ubuntu 22.04 LTS:
libbatik-java 1.14-1ubuntu0.2
Ubuntu 20.04 LTS:
libbatik-java 1.12-1ubuntu0.1
Ubuntu 18.04 LTS:
libbatik-java 1.10-2~18.04.1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libbatik-java 1.8-3ubuntu1+esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3+esm1
In general, a standard system update will make all the necessary changes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Apache Batik: Multiple Vulnerabilities
Date: January 07, 2024
Bugs: #724534, #872689, #918088
ID: 202401-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Apache Batik, the worst of
which could result in arbitrary code execution.
Background
==========
Apache Batik is a Java-based toolkit for applications or applets that
want to use images in the Scalable Vector Graphics (SVG) format for
various purposes, such as display, generation or manipulation.
Affected packages
=================
Package          Vulnerable    Unaffected
--------------   ------------  ------------
dev-java/batik   < 1.17        >= 1.17
Description
===========
Multiple vulnerabilities have been discovered in Apache Batik. Please
review the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Apache Batik users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"
References
==========
[ 1 ] CVE-2018-8013
https://nvd.nist.gov/vuln/detail/CVE-2018-8013
[ 2 ] CVE-2019-17566
https://nvd.nist.gov/vuln/detail/CVE-2019-17566
[ 3 ] CVE-2020-11987
https://nvd.nist.gov/vuln/detail/CVE-2020-11987
[ 4 ] CVE-2022-38398
https://nvd.nist.gov/vuln/detail/CVE-2022-38398
[ 5 ] CVE-2022-38648
https://nvd.nist.gov/vuln/detail/CVE-2022-38648
[ 6 ] CVE-2022-40146
https://nvd.nist.gov/vuln/detail/CVE-2022-40146
[ 7 ] CVE-2022-41704
https://nvd.nist.gov/vuln/detail/CVE-2022-41704
[ 8 ] CVE-2022-42890
https://nvd.nist.gov/vuln/detail/CVE-2022-42890
[ 9 ] CVE-2022-44729
https://nvd.nist.gov/vuln/detail/CVE-2022-44729
[ 10 ] CVE-2022-44730
https://nvd.nist.gov/vuln/detail/CVE-2022-44730
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202401-11
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5