Debian Linux Security Advisory 4215-1 - Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
2d9b39b974a5f33b1f7a930d82705a27101df4d1aae48a72b20c8eed72590be3
Red Hat Security Advisory 2018-0319-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
e9ca392c86cd43b73ddc249d9d75bd30c2fe2225043a4b704dc7bf442df864f0
Red Hat Security Advisory 2017-2546-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.5 serves as a replacement for Red Hat JBoss BPM Suite 6.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
f93c793451958d740348f9745b1ba97fbeb875988cbf60a8db15b87fc17e9809
Red Hat Security Advisory 2017-2547-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.5 serves as a replacement for Red Hat JBoss BRMS 6.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
2c948ef159b1b3489ab627d5ae835bf6a411055a848f97674b6c0b4796177655
Ubuntu Security Notice 3280-1 - Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.
e1e1e8865f980dc06df57b6325f1c29578143f1f4a46dd0d2421e9ca30d67d13