drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in lucene-solr
| Name: |
Preisgabe von Informationen in lucene-solr |
|
| ID: |
DSA-4194-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian jessie, Debian stretch |
|
| Datum: |
So, 6. Mai 2018, 22:00 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308 |
|
| Applikationen: |
Apache Solr |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4194-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 06, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : lucene-solr
CVE ID : CVE-2018-1308
An XML external entity expansion vulnerability was discovered in the
DataImportHandler of Solr, a search server based on Lucene, which could
result in information disclosure.
For the oldstable distribution (jessie), this problem has been fixed
in version 3.6.2+dfsg-5+deb8u2.
For the stable distribution (stretch), this problem has been fixed in
version 3.6.2+dfsg-10+deb9u2.
We recommend that you upgrade your lucene-solr packages.
For the detailed security status of lucene-solr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lucene-solr
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrvPkMACgkQEMKTtsN8
TjZLxQ/+KktDJPpsG5DxRvVka3pECHzGnI1ZkI6Ln/kCwo55DNON9gLHCP1Ga/Fg
WQd7/k2LsNYqUfzdu9wa98hS2BeRhPm13fOrUC0HdM7VE4GUh05xboTYlfsABTgz
srJM6OTCurXDiYbWUxrGvn/06/Eh/QuwsvGoOQ1H2UvNSd5TJwOmkK+3oGtxWiL2
kgwN6el1fgBaA6mRLN2YkTgvkUmmYjbHww1EW4AYVpp+EJgrumXA3k3234jA8mNh
lzmiGKWyVJs6JngCT3ZYVu4BXf0X2mn/sagVaXZ+UJws67FR9qUGM9HTjjkl4htp
groN0CXaQ1tni91FDHyfvMvgkuM2YrgIV867ziz5J0gzzV0MYc6b6bK5i9rdUHbB
YodB59wzE8uky69Zs6WA7j2f0k1z250jzAUEhj+MgYG+rVycF9vfOvVbsO3umkjA
sT7pjzktzd1iZ5keVuDBJQEREEA+ZetzEj+ZBrW5o0wTibf0pJSZ4JAtC8hBiO3S
UGtWTl428lAZK7zPyxMkZAGh1EmvyYf5dNJTjZE/UY8UlhPybnMfzdlREOkLIS96
x0VIIetmXrw0FVUXZsDdMsnbikHbMe5999w3Fd5vo/xlBEriksaqBcWUd8oTHw5a
1FuiJPU64/Ulyo2Y2ZbA27O7zbJAC2LRIacSlLUz4mQAxxKfhjM=
=tbeu
-----END PGP SIGNATURE-----
|
|
|
|
