Ubuntu Security Notice 2551-1 - David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.
332e147796b76007a2eee0473067381a45d06b911cef8bd6a3122da5a3ae99eb
============================================================================
Ubuntu Security Notice USN-2551-1
March 30, 2015
jakarta-taglibs-standard vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary:
Apache Standard Taglibs loaded external XML entities.
Software Description:
- jakarta-taglibs-standard: Implementation of JSP Standard Tag Library (JSTL)
Details:
David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.10.1
libjstl1.1-java 1.1.2-2ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.04.1
libjstl1.1-java 1.1.2-2ubuntu1.14.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2551-1
CVE-2015-0254
Package Information:
https://launchpad.net/ubuntu/+source/jakarta-taglibs-standard/1.1.2-2ubuntu1.14.10.1
https://launchpad.net/ubuntu/+source/jakarta-taglibs-standard/1.1.2-2ubuntu1.14.04.1