Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6117.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6117-1)
Summary:	The remote host is missing an update for the 'batik' package(s) announced via the USN-6117-1 advisory.
Description:	Summary: The remote host is missing an update for the 'batik' package(s) announced via the USN-6117-1 advisory. Vulnerability Insight: It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146) It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890) Affected Software/OS: 'batik' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17566 https://security.gentoo.org/glsa/202401-11 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://xmlgraphics.apache.org/security.html https://lists.apache.org/thread.html/rab94fe68b180d2e2fba97abf6fe1ec83cff826be25f86cd90f047171@%3Ccommits.myfaces.apache.org%3E https://lists.apache.org/thread.html/rcab14a9ec91aa4c151e0729966282920423eff50a22759fd21db6509@%3Ccommits.myfaces.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2020-11987 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/ https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05@%3Cdev.poi.apache.org%3E https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2@%3Cdev.poi.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2022-38398 https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx Common Vulnerability Exposure (CVE) ID: CVE-2022-38648 https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b Common Vulnerability Exposure (CVE) ID: CVE-2022-40146 https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx Common Vulnerability Exposure (CVE) ID: CVE-2022-41704 Debian Security Information: DSA-5264 (Google Search) https://www.debian.org/security/2022/dsa-5264 https://lists.apache.org/thread/hplhx0o74jb7blj39fm4kw3otcnjd6xf https://lists.debian.org/debian-lts-announce/2022/10/msg00038.html http://www.openwall.com/lists/oss-security/2022/10/25/2 Common Vulnerability Exposure (CVE) ID: CVE-2022-42890 https://lists.apache.org/thread/pkvhy0nsj1h1mlon008wtzhosbtxjwly http://www.openwall.com/lists/oss-security/2022/10/25/3
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.