This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6421065787174027019==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------50UyYorks2YIQlqs8cMk02uw"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------50UyYorks2YIQlqs8cMk02uw
Content-Type: multipart/mixed;
 boundary="------------zqKGdBZXGjN25VgHG6bRtttY";
 protected-headers="v1"
From: Nico Campuzano <nicolas.campuzano@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5f831a54-b6b3-45b5-b0f5-448f8f10e271@canonical.com>
Subject: [USN-7283-1] Apache Solr vulnerability

--------------zqKGdBZXGjN25VgHG6bRtttY
Content-Type: multipart/alternative;
 boundary="------------4BfyB4pjSd3ZDHxlA2WITzaL"

--------------4BfyB4pjSd3ZDHxlA2WITzaL
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7283-1
February 21, 2025

lucene-solr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Solr could be made to execute arbitrary code if it received
specially crafted input.

Software Description:
- lucene-solr: Full-text search engine library for Java

Details:

It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7283-1
   CVE-2019-0193

--------------4BfyB4pjSd3ZDHxlA2WITzaL
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv=3D"Content-Type" content=3D"text/html;
 charset=3DUTF=
-8">
  </head>
  <body>
    <p>
    </p>
    <div class=3D"moz-text-plain" wrap=3D"true"
      style=3D"font-family: -moz-fixed; font-size: 12px;"
 lang=3D"x-unico=
de">
      <pre wrap=3D""
 class=3D"moz-quote-pre">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-7283-1
February 21, 2025

lucene-solr vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Solr could be made to execute arbitrary code if it received
specially crafted input.

Software Description:
- lucene-solr: Full-text search engine library for Java

Details:

It was discovered that the Apache Solr DataImportHandler module incorrect=
ly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  liblucene3-contrib-java         3.6.2+dfsg-18~18.04.1~esm2
                                  Available with Ubuntu Pro
  liblucene3-java                 3.6.2+dfsg-18~18.04.1~esm2
                                  Available with Ubuntu Pro
  libsolr-java                    3.6.2+dfsg-18~18.04.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  liblucene3-contrib-java         3.6.2+dfsg-8ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  liblucene3-java                 3.6.2+dfsg-8ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  libsolr-java                    3.6.2+dfsg-8ubuntu0.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  liblucene3-contrib-java         3.6.2+dfsg-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  liblucene3-java                 3.6.2+dfsg-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  libsolr-java                    3.6.2+dfsg-2ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.=


References:
  <a class=3D"moz-txt-link-freetext"
      href=3D"https://ubuntu.com/security/notices/USN-7283-1">https://ubu=
ntu.com/security/notices/USN-7283-1</a>
  CVE-2019-0193

</pre>
    </div>
  </body>
</html>

--------------4BfyB4pjSd3ZDHxlA2WITzaL--

--------------zqKGdBZXGjN25VgHG6bRtttY--

--------------50UyYorks2YIQlqs8cMk02uw
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAme3zVYFAwAAAAAACgkQlFzKVeTWQe65
RA/8Czm9/J9pG7CgqVZSsVPvX3SPn2soJyl3v3W7hwHkroRz5YLsCvCdCipt6X1T8fnjGLfFeCua
CjNfw9It3cRuxrs7bIPgeDcUPxyufSGFoBQnyUmkv15ZarAUmJv8HLsVXV9tmRAoMrEszEpG4Gy+
+dwJP9weHXpIxziqjauqrDQgifN2qYcQ9UXZjfBN7D7z3WY4sOgb/apJOj9FOC+bG2uTozEXg/ye
T4zHqWGbvDYNBnjjP/vYegjLtOWhG6d7R2TMZ9O8bRmTDrZu8lOEqKUUD8LE82dX9k4zTvCZNL4/
3AHOabP5Q7shukEa2ZI27f/TiZgFIA+7pDN09HYZqH+GWjccCMpWxVsHnhScsqybDOniodSRr8L0
//czpHK01X54GuX+ahHbpGOyJ5hnfSijpMaRGdFYq6v5fFQy5iPeti4NIstaqn0Cxr39S8Q5YIEk
w5tG7ZsCIyMSClq/w2vw32zJoZP7Ww+5HDPVxlo5jktAOC1kBEMqsGM5eIr7VJ+OihMOK60H4faN
yuatQO9XQppjBlGhi4zdvOdUR1CmhQL9Z1U46vcJHbzvZ4ERK13gWtO0Bgsg+kf/oiRBFC1x5kwR
mYqtPFR4ZJxO3wmK4jnYPEowxUnQw6WQBLMXLPhBaFE2Dy3Z3LwUHnPy5xYtL1/eNCcuMtiPTVg5
DJs=
=y9vA
-----END PGP SIGNATURE-----

--------------50UyYorks2YIQlqs8cMk02uw--


--===============6421065787174027019==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============6421065787174027019==--