========================================================================== Ubuntu Security Notice USN-7283-1 February 21, 2025
lucene-solr vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache Solr could be made to execute arbitrary code if it received
specially crafted input.
Software Description:
- lucene-solr: Full-text search engine library for Java
Details:
It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
liblucene3-contrib-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
liblucene3-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
libsolr-java 3.6.2+dfsg-2ubuntu0.1~esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7283-1
CVE-2019-0193
OpenPGP_signature.asc
Description: OpenPGP digital signature
