Description
Security update for xmlgraphics-batik
This update for xmlgraphics-batik fixes the following issues:
- CVE-2019-17566: Fixed an SSRF that might have allowed the underlying server to make arbitrary GET requests (bsc#1172961).
Package list
SUSE Linux Enterprise Software Development Kit 12 SP4
xmlgraphics-batik-1.8-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
xmlgraphics-batik-1.8-3.3.1
References
- Link for SUSE-SU-2020:1800-1
- E-Mail link for SUSE-SU-2020:1800-1
- SUSE Security Ratings
- SUSE Bug 1172961
- SUSE CVE CVE-2019-17566 page
Description
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Affected products
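A pre-render check for untrusted SVG input, shown as an added example (not code from SUSE or the Batik project): it lists every `xlink:href`/`href` value that would make the renderer fetch something outside the document. The function name, the allow-list policy (same-document fragments and `data:` URIs only) and the sample SVG are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumed policy: only inline data: URIs may carry a scheme.
ALLOWED_SCHEMES = {"data"}

# Constructed sample input, not taken from the advisory.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><circle id="dot" r="4"/></defs>
  <use xlink:href="#dot"/>
  <image xlink:href="data:image/png;base64,AAAA" width="1" height="1"/>
  <image xlink:href="http://internal.example/status" width="1" height="1"/>
  <use xlink:href="other.svg#shape"/>
</svg>"""


def external_refs(svg_text):
    """Return (tag, href) pairs whose target the renderer would have to fetch."""
    # Refuse DTDs outright so entity tricks never reach the parser.
    if "<!DOCTYPE" in svg_text.upper():
        raise ValueError("DOCTYPE not allowed in untrusted SVG")
    findings = []
    for el in ET.fromstring(svg_text).iter():
        # SVG 1.1 uses xlink:href; SVG 2 also accepts a plain href.
        for attr in (XLINK_HREF, "href"):
            href = el.get(attr)
            if href is None:
                continue
            href = href.strip()
            if href.startswith("#"):
                continue  # same-document fragment, nothing is fetched
            if urlsplit(href).scheme.lower() in ALLOWED_SCHEMES:
                continue
            # Absolute URLs, scheme-relative and relative paths all end up here.
            findings.append((el.tag.rsplit("}", 1)[-1], href))
    return findings


if __name__ == "__main__":
    for tag, href in external_refs(SAMPLE_SVG):
        print(f"reject: <{tag}> references {href}")
```

Only href attributes are inspected; other reference-bearing constructs such as CSS `url()` values are outside this check.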
SUSE Linux Enterprise Software Development Kit 12 SP4:xmlgraphics-batik-1.8-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-batik-1.8-3.3.1
References
- CVE-2019-17566
- SUSE Bug 1172961