SUSE-SU-2013:1660-1: important: Security update for jakarta-commons-fileupload

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Nov 12 11:04:16 MST 2013 

   SUSE Security Update: Security update for jakarta-commons-fileupload
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1660-1
Rating:             important
References:         #846174 
Cross-References:   CVE-2013-2186
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   jakarta-commons-fileupload received a security fix:

   * A poison null byte flaw was found in the
   implementation of the DiskFileItem class. A remote attacker
   could able to supply a serialized instance of the
   DiskFileItem class, which would be deserialized on a
   server, could use this flaw to write arbitrary content to
   any location on the server that is permitted by the user
   running the application server process. (CVE-2013-2186)

   Security Issue reference:

   * CVE-2013-2186
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-jakarta-commons-fileupload-8446

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-jakarta-commons-fileupload-8446

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-jakarta-commons-fileupload-8445

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-jakarta-commons-fileupload-8445

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):

      jakarta-commons-fileupload-1.1.1-1.35.1
      jakarta-commons-fileupload-javadoc-1.1.1-1.35.1

   - SUSE Linux Enterprise Server 11 SP3 (noarch):

      jakarta-commons-fileupload-1.1.1-1.35.1
      jakarta-commons-fileupload-javadoc-1.1.1-1.35.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):

      jakarta-commons-fileupload-1.1.1-1.35.1
      jakarta-commons-fileupload-javadoc-1.1.1-1.35.1

   - SUSE Linux Enterprise Server 11 SP2 (noarch):

      jakarta-commons-fileupload-1.1.1-1.35.1
      jakarta-commons-fileupload-javadoc-1.1.1-1.35.1


References:

   http://support.novell.com/security/cve/CVE-2013-2186.html
   https://bugzilla.novell.com/846174
   http://download.novell.com/patch/finder/?keywords=4e850046eae7d47e6c4921a6249812b8
   http://download.novell.com/patch/finder/?keywords=56b6ca4a38407b07a824c188acd7263e

More information about the sle-security-updates mailing list