Debian DSA-3205-1 : batik - security update
Medium Nessus Plugin ID 82302
Synopsis
The remote Debian host is missing a security-related update.
Description
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
Solution
Upgrade the batik packages.
For the stable distribution (wheezy), this problem has been fixed in version 1.7+dfsg-3+deb7u1.
For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7+dfsg-5.