- Issued:
- 2017-12-12
- Updated:
- 2017-12-12
RHSA-2017:3451 - Moderate: rh-java-common-lucene security update
Synopsis
Moderate: rh-java-common-lucene security update
Type/Severity
Security Advisory Moderate
Topic
An update for rh-java-common-lucene is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform.
Security Fix(es):
- It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity (XXE) attacks. (CVE-2017-12629)
For more information regarding CVE-2017-12629, see the article linked in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
Updated Packages
- rh-java-common-lucene-codecs-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-analyzers-stempel-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-facet-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-sandbox-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-solr-grandparent-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-suggest-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-analyzers-phonetic-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-classification-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-analyzers-stempel-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-highlighter-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-misc-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-analyzers-phonetic-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-replicator-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-analyzers-smartcn-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-suggest-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-analysis-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-queries-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-parent-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-sandbox-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-facet-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-highlighter-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-analysis-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-classification-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-memory-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-javadoc-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-analyzers-smartcn-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-grouping-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-javadoc-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-parent-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-solr-grandparent-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-queryparser-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-misc-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-join-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-codecs-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-join-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-queryparser-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-replicator-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-4.8.0-6.9.el6.src.rpm
- rh-java-common-lucene-4.8.0-6.9.el7.src.rpm
- rh-java-common-lucene-grouping-4.8.0-6.9.el7.noarch.rpm
- rh-java-common-lucene-queries-4.8.0-6.9.el6.noarch.rpm
- rh-java-common-lucene-memory-4.8.0-6.9.el7.noarch.rpm
Fixes
CVEs
References
- https://access.redhat.com/security/updates/classification/#moderate
- This content is not included.This content is not included.https://access.redhat.com/security/vulnerabilities/CVE-2017-12629
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.