Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 14.10 & 14.04: 2551-1 Critical Jakarta Taglibs Remote Code Execution

ubuntu
Calendar Grey March 30, 2015
Dist Ubuntu Esm H88
A critical Jakarta Taglibs vulnerability may let attackers exploit web apps and access sensitive data. Update your systems now to stay secure
Apache Standard Taglibs loaded external XML entities.

Summary

Apache Standard Taglibs loaded external XML entities.

Software Description:

- jakarta-taglibs-standard: Implementation of JSP Standard Tag Library (JSTL)

Details:

David Jorm discovered that the Apache Standard Taglibs incorrectly handled

external XML entities. A remote attacker could possibly use this issue to

execute arbitrary code or perform other external XML entity attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libjakarta-taglibs-standard-java  1.1.2-2ubuntu1.14.10.1
  libjstl1.1-java                 1.1.2-2ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  libjakarta-taglibs-standard-java  1.1.2-2ubuntu1.14.04.1
  libjstl1.1-java                 1.1.2-2ubuntu1.14.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2551-1

CVE-2015-0254

Severity
critical
Lowest
Low
Medium
High
Critical

March 30, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.