SUSE-SU-2013:1660-1: important: Security update for jakarta-commons-fileupload
sle-security-updates at lists.suse.com
Tue Nov 12 11:04:16 MST 2013
SUSE Security Update: Security update for jakarta-commons-fileupload
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1660-1
Rating: important
References: #846174
Cross-References: CVE-2013-2186
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
jakarta-commons-fileupload received a security fix:
* A poison null byte flaw was found in the
implementation of the DiskFileItem class. A remote attacker
able to supply a serialized instance of the
DiskFileItem class, which would be deserialized on a
server, could use this flaw to write arbitrary content to
any location on the server that is permitted by the user
running the application server process. (CVE-2013-2186)
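
One way to validate a directory path that comes from deserialized data before anything is written under it, as an added Java example; it is not code from this advisory or from the jakarta-commons-fileupload update. The class `RepositoryPathCheck`, the `validate` helper and the `allowedBase` upload root are hypothetical names, and the inputs in `main` are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example: vet a directory path taken from untrusted (deserialized) data. */
public final class RepositoryPathCheck {

    /** Returns the canonical directory if it is safe to write under, otherwise throws. */
    static File validate(File candidate, File allowedBase) throws IOException {
        // Poison null byte: C-level file APIs treat NUL as end of string, so on a
        // JVM that passes the path through unchecked "dir\0suffix" resolves to "dir".
        if (candidate.getPath().indexOf('\0') >= 0) {
            throw new IOException("NUL byte in path");
        }
        Path base = allowedBase.getCanonicalFile().toPath();
        File canonical = candidate.getCanonicalFile(); // resolves ".." and symlinks
        if (!canonical.isDirectory()) {
            throw new IOException("not an existing directory: " + canonical);
        }
        // Path.startsWith compares whole path components, not string prefixes.
        if (!canonical.toPath().startsWith(base)) {
            throw new IOException("outside allowed base: " + canonical);
        }
        return canonical;
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical upload root, created in the temp directory for the demo.
        File base = Files.createTempDirectory("uploads").toFile();
        File good = new File(base, "tmp");
        if (!good.mkdir()) {
            throw new IOException("could not create " + good);
        }
        File[] inputs = {                                  // constructed sample inputs
            good,                                          // existing dir under base
            new File(base.getPath() + "/tmp\0suffix"),     // embedded NUL byte
            new File(base, ".."),                          // escapes the base
            new File(base, "missing")                      // does not exist
        };
        for (File f : inputs) {
            try {
                System.out.println("accepted: " + validate(f, base));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```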
Security Issue reference:
* CVE-2013-2186
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-jakarta-commons-fileupload-8446
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-jakarta-commons-fileupload-8446
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-jakarta-commons-fileupload-8445
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-jakarta-commons-fileupload-8445
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
    jakarta-commons-fileupload-1.1.1-1.35.1
    jakarta-commons-fileupload-javadoc-1.1.1-1.35.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
    jakarta-commons-fileupload-1.1.1-1.35.1
    jakarta-commons-fileupload-javadoc-1.1.1-1.35.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
    jakarta-commons-fileupload-1.1.1-1.35.1
    jakarta-commons-fileupload-javadoc-1.1.1-1.35.1
- SUSE Linux Enterprise Server 11 SP2 (noarch):
    jakarta-commons-fileupload-1.1.1-1.35.1
    jakarta-commons-fileupload-javadoc-1.1.1-1.35.1
References:
http://support.novell.com/security/cve/CVE-2013-2186.html
https://bugzilla.novell.com/846174
http://download.novell.com/patch/finder/?keywords=4e850046eae7d47e6c4921a6249812b8
http://download.novell.com/patch/finder/?keywords=56b6ca4a38407b07a824c188acd7263e