|
|
Log in / Subscribe / Register

Ubuntu alert USN-7283-1 (lucene-solr)



From:
              Nico Campuzano <nicolas.campuzano@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7283-1] Apache Solr vulnerability


Date:
              Thu, 20 Feb 2025 19:48:22 -0500


Message-ID:
              <5f831a54-b6b3-45b5-b0f5-448f8f10e271@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7283-1
February 21, 2025

lucene-solr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Solr could be made to execute arbitrary code if it received
specially crafted input.

Software Description:
- lucene-solr: Full-text search engine library for Java

Details:

It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-18~18.04.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-8ubuntu0.1+esm1
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   liblucene3-contrib-java         3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro
   liblucene3-java                 3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro
   libsolr-java                    3.6.2+dfsg-2ubuntu0.1~esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7283-1
   CVE-2019-0193





Attachment: None (type=text/html)

(HTML attachment elided)



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAme3zVYFAwAAAAAACgkQlFzKVeTWQe65
RA/8Czm9/J9pG7CgqVZSsVPvX3SPn2soJyl3v3W7hwHkroRz5YLsCvCdCipt6X1T8fnjGLfFeCua
CjNfw9It3cRuxrs7bIPgeDcUPxyufSGFoBQnyUmkv15ZarAUmJv8HLsVXV9tmRAoMrEszEpG4Gy+
+dwJP9weHXpIxziqjauqrDQgifN2qYcQ9UXZjfBN7D7z3WY4sOgb/apJOj9FOC+bG2uTozEXg/ye
T4zHqWGbvDYNBnjjP/vYegjLtOWhG6d7R2TMZ9O8bRmTDrZu8lOEqKUUD8LE82dX9k4zTvCZNL4/
3AHOabP5Q7shukEa2ZI27f/TiZgFIA+7pDN09HYZqH+GWjccCMpWxVsHnhScsqybDOniodSRr8L0
//czpHK01X54GuX+ahHbpGOyJ5hnfSijpMaRGdFYq6v5fFQy5iPeti4NIstaqn0Cxr39S8Q5YIEk
w5tG7ZsCIyMSClq/w2vw32zJoZP7Ww+5HDPVxlo5jktAOC1kBEMqsGM5eIr7VJ+OihMOK60H4faN
yuatQO9XQppjBlGhi4zdvOdUR1CmhQL9Z1U46vcJHbzvZ4ERK13gWtO0Bgsg+kf/oiRBFC1x5kwR
mYqtPFR4ZJxO3wmK4jnYPEowxUnQw6WQBLMXLPhBaFE2Dy3Z3LwUHnPy5xYtL1/eNCcuMtiPTVg5
DJs=
=y9vA
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds