[SECURITY] [DLA 1360-1] lucene-solr security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1360-1] lucene-solr security update
From: Chris Lamb <lamby@debian.org>
Date: Tue, 24 Apr 2018 18:57:05 +0100
Message-id: <[🔎] 1524592625.2940182.1349318552.4ACDE9BD@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : lucene-solr
Version        : 3.6.0+dfsg-1+deb7u4
CVE ID         : CVE-2018-1308
Debian Bug     : #896604

It was discovered that there was an XML external entity expansion (XXE)
vulnerability in lucene-solr, a search engine library for Java.

It could be exploited to read arbitrary local files from the Solr server
or the internal network. For Debian 7 "Wheezy", this issue has been fixed
in lucene-solr version 3.6.0+dfsg-1+deb7u4.

We recommend that you upgrade your lucene-solr packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrfb70ACgkQHpU+J9Qx
Hlj1ORAAtdnZ+t6ohgV3aWxH47DxwY/zdnVI/ZdU5QNuEWa1GmFyuwfdACPLnK6O
o8A0Tx4NV+QFgyuxocSWo3mgmMWLHE5KBdl8TG8weuUz2nUqbuQDV6+T30icSwlx
a324h5YlAHsyWi1S5k1/O9zeRwlRxexyCT7NJ2dYazopFhXLTo3GmRQW1Gs8Mbko
XM8DaVquYSxtAJ5uO1KfMOK5yGZCSwfGxFCMUwITUd9BV3yq9hsPwSkLc6WItyz3
T9ah7w+OORMBRANNMTwA/9h2s54NkYugm9oksghNBGtaJTqsYqH3Bqt1wwFqcTIm
qvcmz24xTH4UPdfKSHcw7AvRBqjd7HoEcKHnJ15uL3pXlAd5Q5LmSAINIedz376+
Wf4b8fou1ORHOYQuK87pNO6hh+EGfWdM5JGeFuZqNYmxRwwEeDfbvyzQR4+kKy/k
L9kdCo03nR/8GDZTvEb+rqCI+DnF4tAECNWWODsg1806fb11ukI2c2M6X3+bxZAP
EjdbyMswjWVsNVB4uNzLa4EvKcUoDH9uGJbWCwXVFyc2cCDZNZDIBiLfAXBkxGph
1GP/7SyPhcvQKQCuh3H+QyIt1tEuMhvASKScGcxkjoX2k9HKOK9WqaaY4uheY8FB
tyQtRUtpine/hRR2H6t8ZrURgttKMyIJ1yOERXeztNW4u15dvn4=
=ucBW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1359-1] ruby1.8 security update
Next by Date: [SECURITY] [DLA 1361-1] psensor security update
Previous by thread: [SECURITY] [DLA 1359-1] ruby1.8 security update
Next by thread: [SECURITY] [DLA 1361-1] psensor security update
Index(es):
- Date
- Thread