Amazon Linux 2 Security Advisory: ALAS-2025-2801
Advisory Release Date: 2025-03-13 01:30 Pacific
Advisory Updated Date: 2025-03-25 16:12 Pacific
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.
On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16.
A malicious SVG can probe user profile / data and send it directly as a parameter to a URL. (CVE-2022-44730)
Affected Packages:
batik
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run `yum update batik` to update your system. The fixed builds are listed below; any installed batik package with a lower version-release is still affected.
noarch:
batik-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-squiggle-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-svgpp-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-ttf2svg-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-slideshow-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-javadoc-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-demo-1.8-0.12.svn1230816.amzn2.0.2.noarch
src:
batik-1.8-0.12.svn1230816.amzn2.0.2.src
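The following script is an added example, not part of the advisory or of Amazon's tooling. It checks whether installed batik packages are at or above the fixed build listed above (version-release 1.8-0.12.svn1230816.amzn2.0.2). It assumes GNU `sort` (for `-V` version ordering) and rpm-style NAME-VERSION-RELEASE.ARCH package strings; the `rpm -qa` output it scans is a constructed sample, so it runs offline. On a real host, replace the sample with the output of `rpm -qa 'batik*'`.

```shell
#!/bin/sh
# Added example (not from the advisory): report batik packages below the
# ALAS-2025-2801 fixed build. Assumes GNU sort -V and rpm NVRA naming.

# Version-release of the fixed build, taken from the advisory's package list.
FIXED_VR="1.8-0.12.svn1230816.amzn2.0.2"

# Constructed sample of `rpm -qa 'batik*'` output (not data from any real host);
# the first entry is deliberately one release behind the fixed build.
SAMPLE_RPM_QA='batik-1.8-0.12.svn1230816.amzn2.0.1.noarch
batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.2.noarch
batik-squiggle-1.8-0.12.svn1230816.amzn2.0.2.noarch'

# batik_vr NAME NVRA -> prints VERSION-RELEASE with the name and arch stripped
batik_vr() {
  vr=${2#"$1"-}   # drop leading "NAME-"
  vr=${vr%.*}     # drop trailing ".noarch" / ".src"
  printf '%s\n' "$vr"
}

# batik_is_fixed NAME NVRA -> exit 0 if installed version-release >= fixed, 1 otherwise
batik_is_fixed() {
  installed=$(batik_vr "$1" "$2")
  [ "$installed" = "$FIXED_VR" ] && return 0
  # sort -V orders version strings naturally; if the fixed build sorts first,
  # the installed build is newer.
  lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_VR" | sort -V | head -n 1)
  [ "$lowest" = "$FIXED_VR" ]
}

# vulnerable_packages -> prints every sample NVRA that is below the fixed build
vulnerable_packages() {
  printf '%s\n' "$SAMPLE_RPM_QA" | while IFS= read -r nvra; do
    [ -n "$nvra" ] || continue
    # Package name is everything before the first "-<digit>".
    name=$(printf '%s\n' "$nvra" | sed 's/-[0-9].*//')
    batik_is_fixed "$name" "$nvra" || printf '%s\n' "$nvra"
  done
}

printf 'Packages below the ALAS-2025-2801 fixed build:\n'
vulnerable_packages
```

Because the comparison is done on the version-release string rather than on an exact match, the check still passes once a later errata build (a higher `amzn2.0.N` release) has been installed.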