The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Batik: information disclosure via AbstractDocument

Synthesis of the vulnerability 

An attacker can bypass access restrictions to data via AbstractDocument of Apache Batik, in order to obtain sensitive information.
Impacted systems: Debian, Fedora, Oracle Communications, Oracle DB, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Ubuntu.
Severity of this alert: 2/4.
Creation date: 28/05/2018.
References of this alert: cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpujul2020, cpuoct2018, CVE-2018-8013, DLA-1385-1, DSA-4215-1, FEDORA-2018-168af81706, FEDORA-2018-79792e0c64, USN-3661-1, VIGILANCE-VUL-26231.

Description of the vulnerability 

An attacker can bypass access restrictions to data via AbstractDocument of Apache Batik, in order to obtain sensitive information.

This security note impacts software or systems such as Debian, Fedora, Oracle Communications, Oracle DB, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Ubuntu.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian 7: new batik packages.
New packages are available:
  Debian 7: batik 1.7+dfsg-3+deb7u3

Debian 8/9: new batik packages.
New packages are available:
  Debian 8: batik 1.7+dfsg-5+deb8u1
  Debian 9: batik 1.8-4+deb9u1

Fedora: new batik packages.
New packages are available:
  Fedora 27: batik 1.10-1.fc27
  Fedora 28: batik 1.10-1.fc28

Oracle Communications: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Communications: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2559239.1
  https://support.oracle.com/rs?type=doc&id=2563691.1
  https://support.oracle.com/rs?type=doc&id=2559240.1
  https://support.oracle.com/rs?type=doc&id=2559722.1
  https://support.oracle.com/rs?type=doc&id=2559225.1
  https://support.oracle.com/rs?type=doc&id=2559721.1
  https://support.oracle.com/rs?type=doc&id=2559256.1
  https://support.oracle.com/rs?type=doc&id=2559242.1
  https://support.oracle.com/rs?type=doc&id=2559243.1
  https://support.oracle.com/rs?type=doc&id=2559648.1

Oracle Communications: CPU of October 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2451363.1
  https://support.oracle.com/rs?type=doc&id=2450339.1
  https://support.oracle.com/rs?type=doc&id=2450354.1
  https://support.oracle.com/rs?type=doc&id=2450340.1
  https://support.oracle.com/rs?type=doc&id=2452772.1
  https://support.oracle.com/rs?type=doc&id=2451007.1

Oracle Database: CPU of July 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2664876.1

Oracle Fusion Middleware: CPU of April 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2498664.1

Oracle Fusion Middleware: CPU of July 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2394520.1

Oracle Fusion Middleware: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2534806.1

Oracle Fusion Middleware: CPU of October 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2433477.1

Ubuntu 14.04: new libbatik-java packages.
New packages are available:
  Ubuntu 14.04 LTS: libbatik-java 1.7.ubuntu-8ubuntu2.14.04.3