1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Apache Solr vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, January 29, 2020 16:10:07
    Apache Solr vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 16.04 LTS

    Summary

    Apache Solr could be made to run programs if it received specially
    crafted network traffic.

    Software Description

    * lucene-solr - Full-text search engine library for Java -
    additional libraries

    Details

    Michael Stepankin and Olga Barinova discovered that Apache Solr
    was vulnerable to an XXE attack. An attacker could use this
    vulnerability to remotely execute code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 16.04 LTS
    liblucene3-contrib-java - 3.6.2+dfsg-8ubuntu0.1
    liblucene3-java - 3.6.2+dfsg-8ubuntu0.1
    libsolr-java - 3.6.2+dfsg-8ubuntu0.1
    solr-common - 3.6.2+dfsg-8ubuntu0.1
    solr-jetty - 3.6.2+dfsg-8ubuntu0.1
    solr-tomcat - 3.6.2+dfsg-8ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2017-12629

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)