
Ubuntu 16.04 LTS: USN-4259-1 Critical: Apache Solr XXE Attack

January 29, 2020
A critical Apache Solr flaw in Ubuntu permits remote code execution through specially crafted network traffic. Apply the package updates listed below.

Summary

Apache Solr could be made to run programs if it received specially crafted network traffic.

Software Description:

- lucene-solr: Full-text search engine library for Java - additional libraries

Details:

Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  liblucene3-contrib-java         3.6.2+dfsg-8ubuntu0.1
  liblucene3-java                 3.6.2+dfsg-8ubuntu0.1
  libsolr-java                    3.6.2+dfsg-8ubuntu0.1
  solr-common                     3.6.2+dfsg-8ubuntu0.1
  solr-jetty                      3.6.2+dfsg-8ubuntu0.1
  solr-tomcat                     3.6.2+dfsg-8ubuntu0.1

In general, a standard system update will make all the necessary changes.
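
To confirm that a host has picked up the fix, compare the installed versions of the six packages against the fixed version listed above. The following is an added example, not part of the Ubuntu notice: it re-implements Debian version ordering in Python so that it runs without dpkg, and the function names and the sample `dpkg-query -W` output are constructed for illustration.

```python
import re

FIXED = "3.6.2+dfsg-8ubuntu0.1"  # fixed version listed in the notice
PACKAGES = {"liblucene3-contrib-java", "liblucene3-java", "libsolr-java",
            "solr-common", "solr-jetty", "solr-tomcat"}
DIGITS = "0123456789"

def _order(c):
    # '~' sorts before everything; digits and end of string count as 0; letters sort before symbols.
    if c == "~":
        return -1
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        m, n = re.match("[0-9]*", a[i:]), re.match("[0-9]*", b[j:])
        x, y = int(m.group() or 0), int(n.group() or 0)
        if x != y:
            return -1 if x < y else 1
        i, j = i + m.end(), j + n.end()
    return 0

def dpkg_compare(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, with or after b."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, revision = rest.rpartition("-")
        return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output):
    """Map each listed package installed below FIXED to its version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2 and r[0] in PACKAGES
            and dpkg_compare(r[1], FIXED) < 0}

# Constructed sample of `dpkg-query -W` output (package<TAB>version per line).
SAMPLE = ("libsolr-java\t3.6.2+dfsg-8\nsolr-common\t3.6.2+dfsg-8ubuntu0.1\n"
          "solr-tomcat\t3.6.2+dfsg-8\nbash\t4.3-14ubuntu1\n")
```

On a real host, pass the output of `dpkg-query -W` to `unpatched()`; `dpkg --compare-versions` performs the same comparison natively.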

References

https://ubuntu.com/security/notices/USN-4259-1

CVE-2017-12629

Severity
critical