
[SECURITY] [DLA 1254-1] lucene-solr security update




Package        : lucene-solr
Version        : 3.6.0+dfsg-1+deb7u3
CVE ID         : CVE-2017-12629

Michael Stepankin and Olga Barinova discovered a remote code execution
vulnerability in Apache Solr that can be exploited by combining XML
External Entity (XXE) processing with a Config API add-listener
command to reach the RunExecutableListener class. To resolve this
issue, the RunExecutableListener class has been removed and the
resolving of external entities in the CoreParser class has been
disallowed.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.0+dfsg-1+deb7u3.

We recommend that you upgrade your lucene-solr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
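
The fix described above disallows external entity resolution in the CoreParser class. The following is an added example, not part of the advisory and not Lucene/Solr source code, showing one way to get that behaviour from a JAXP DOM parser. The class name HardenedQueryXmlParser, the sample documents and the placeholder file URL are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.SAXException;

// Added illustration (hypothetical class, not Lucene/Solr code): an XML
// query parser entry point that refuses to resolve any external entity.
public class HardenedQueryXmlParser {

    // Any request to load an external DTD or entity aborts the parse
    // instead of fetching the referenced resource.
    static final EntityResolver DENY_EXTERNAL = (publicId, systemId) -> {
        throw new SAXException("external entity refused: systemId=" + systemId);
    };

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setValidating(false);
        dbf.setXIncludeAware(false);
        // Turn on the JDK's secure-processing mode for this factory.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        db.setEntityResolver(DENY_EXTERNAL);
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain query document, and one that declares
        // and references an external entity (placeholder URL, no real file).
        String benign = "<TermQuery fieldName=\"title\">solr</TermQuery>";
        String withExternalEntity =
            "<!DOCTYPE q [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
          + "<TermQuery fieldName=\"title\">&ext;</TermQuery>";

        System.out.println("benign root: " + parse(benign).getDocumentElement().getTagName());
        try {
            parse(withExternalEntity);
            System.out.println("UNEXPECTED: external entity was accepted");
        } catch (SAXException e) {
            // The parse stops here; the referenced resource is never read.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```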