- Issued:
- 2017-12-12
- Updated:
- 2017-12-12
RHSA-2017:3452 - Moderate: rh-java-common-lucene5 security update
Synopsis
Moderate: rh-java-common-lucene5 security update
Type/Severity
Security Advisory Moderate
Topic
An update for rh-java-common-lucene5 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform.
Security Fix(es):
- It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity (XXE) attacks. (CVE-2017-12629)
For more information regarding CVE-2017-12629, see the article linked in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
Updated Packages
- rh-java-common-lucene5-codecs-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-facet-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-memory-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-analysis-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-replicator-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-analyzers-smartcn-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-backward-codecs-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-facet-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-memory-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-queries-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-queryparser-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-highlighter-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-highlighter-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-javadoc-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-queries-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-grouping-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-classification-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-misc-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-queryparser-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-analyzers-smartcn-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-suggest-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-grouping-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-join-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-sandbox-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-classification-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-5.4.1-2.4.el7.src.rpm
- rh-java-common-lucene5-solr-grandparent-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-backward-codecs-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-replicator-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-javadoc-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-join-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-5.4.1-2.4.el6.src.rpm
- rh-java-common-lucene5-sandbox-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-codecs-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-suggest-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-parent-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-analysis-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-misc-5.4.1-2.4.el7.noarch.rpm
- rh-java-common-lucene5-parent-5.4.1-2.4.el6.noarch.rpm
- rh-java-common-lucene5-solr-grandparent-5.4.1-2.4.el6.noarch.rpm
Fixes
CVEs
References
- https://access.redhat.com/security/updates/classification/#moderate
- This content is not included.This content is not included.https://access.redhat.com/security/vulnerabilities/CVE-2017-12629
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.