Apache Solr could be made to execute arbitrary code if it received
specially crafted input.
Software Description:
- lucene-solr: Full-text search engine library for Java
Details:
It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7283-1
CVE-2019-0193
Get the latest Linux and open source security news straight to your inbox.