============================================================================
Ubuntu Security Notice USN-2551-1
March 30, 2015

jakarta-taglibs-standard vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:

Apache Standard Taglibs loaded external XML entities.

Software Description:
- jakarta-taglibs-standard: Implementation of JSP Standard Tag Library (JSTL)

Details:

David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.10.1
  libjstl1.1-java 1.1.2-2ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  libjakarta-taglibs-standard-java 1.1.2-2ubuntu1.14.04.1
  libjstl1.1-java 1.1.2-2ubuntu1.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2551-1
  CVE-2015-0254

Package Information:
  https://launchpad.net/ubuntu/+source/jakarta-taglibs-standard/1.1.2-2ubuntu1.14.10.1
  https://launchpad.net/ubuntu/+source/jakarta-taglibs-standard/1.1.2-2ubuntu1.14.04.1