========================================================================== Ubuntu Security Notice USN-4259-1 January 29, 2020 Apache Solr vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Apache Solr could be made to run programs if it received specially crafted network traffic. Software Description: - lucene-solr: Full-text search engine library for Java - additional libraries Details: Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: liblucene3-contrib-java 3.6.2+dfsg-8ubuntu0.1 liblucene3-java 3.6.2+dfsg-8ubuntu0.1 libsolr-java 3.6.2+dfsg-8ubuntu0.1 solr-common 3.6.2+dfsg-8ubuntu0.1 solr-jetty 3.6.2+dfsg-8ubuntu0.1 solr-tomcat 3.6.2+dfsg-8ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4259-1 CVE-2017-12629 Package Information: https://launchpad.net/ubuntu/+source/lucene-solr/3.6.2+dfsg-8ubuntu0.1