drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in lucene-solr
Name: |
Preisgabe von Informationen in lucene-solr |
|
ID: |
DSA-4194-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
So, 6. Mai 2018, 22:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308 |
|
Applikationen: |
Apache Solr |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4194-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : lucene-solr CVE ID : CVE-2018-1308
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.
For the oldstable distribution (jessie), this problem has been fixed in version 3.6.2+dfsg-5+deb8u2.
For the stable distribution (stretch), this problem has been fixed in version 3.6.2+dfsg-10+deb9u2.
We recommend that you upgrade your lucene-solr packages.
For the detailed security status of lucene-solr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lucene-solr
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlrvPkMACgkQEMKTtsN8 TjZLxQ/+KktDJPpsG5DxRvVka3pECHzGnI1ZkI6Ln/kCwo55DNON9gLHCP1Ga/Fg WQd7/k2LsNYqUfzdu9wa98hS2BeRhPm13fOrUC0HdM7VE4GUh05xboTYlfsABTgz srJM6OTCurXDiYbWUxrGvn/06/Eh/QuwsvGoOQ1H2UvNSd5TJwOmkK+3oGtxWiL2 kgwN6el1fgBaA6mRLN2YkTgvkUmmYjbHww1EW4AYVpp+EJgrumXA3k3234jA8mNh lzmiGKWyVJs6JngCT3ZYVu4BXf0X2mn/sagVaXZ+UJws67FR9qUGM9HTjjkl4htp groN0CXaQ1tni91FDHyfvMvgkuM2YrgIV867ziz5J0gzzV0MYc6b6bK5i9rdUHbB YodB59wzE8uky69Zs6WA7j2f0k1z250jzAUEhj+MgYG+rVycF9vfOvVbsO3umkjA sT7pjzktzd1iZ5keVuDBJQEREEA+ZetzEj+ZBrW5o0wTibf0pJSZ4JAtC8hBiO3S UGtWTl428lAZK7zPyxMkZAGh1EmvyYf5dNJTjZE/UY8UlhPybnMfzdlREOkLIS96 x0VIIetmXrw0FVUXZsDdMsnbikHbMe5999w3Fd5vo/xlBEriksaqBcWUd8oTHw5a 1FuiJPU64/Ulyo2Y2ZbA27O7zbJAC2LRIacSlLUz4mQAxxKfhjM= =tbeu -----END PGP SIGNATURE-----
|
|
|
|