CVE 2018-8013
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
Related bugs and status
CVE-2018-8013 (Candidate) is related to these bugs:
Bug #1814133: update to openjdk 11 in 18.04 LTS
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1814133 | update to openjdk 11 in 18.04 LTS | saaj (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | ca-certificates-java (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jaxws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | metro-policy (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | testng (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | plexus-languages (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libcommons-lang3-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | dd-plist (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | clojure1.8 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jtreg (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-compiler-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | surefire (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | groovy (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jasperreports (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | octave (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gettext (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | insubstantial (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | java-common (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | javatools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jnr-posix (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jython (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libgpars-groovy-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | logback (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-javadoc-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-lts (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjfx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | scala (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-11-jre-dcevm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-util (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice-l10n (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gatk-native-bindings (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gkl (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | htsjdk (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-datasource (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-bundle-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-enforcer (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-plugin-tools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-jaxb2-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby-openssl (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | visualvm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjogl2-java (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | fonts-liberation2 (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjavaewah-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | scilab (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gluegen2 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | ecj (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | activemq (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | afterburner.fx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | annotation-indexer (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | apache-directory-server (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | aspectj (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | aspectj-maven-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | batik (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | bindex (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | bridge-method-injector (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | carrotsearch-hppc (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | commons-httpclient (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | eclipselink (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | elki (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | clojure (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | figtree (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | fontawesomefx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hikaricp (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hsqldb (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hsqldb1.8.0 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jabref (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jackson-core (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jackson-databind (Ubuntu Bionic) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
