USN-7283-1: Apache Solr vulnerability
21 February 2025
Apache Solr could be made to execute arbitrary code if it received specially crafted input.
Releases
Packages
- lucene-solr - Full-text search engine library for Java
Details
It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
liblucene3-contrib-java
-
3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
-
liblucene3-java
-
3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
-
libsolr-java
-
3.6.2+dfsg-18~18.04.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
liblucene3-contrib-java
-
3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
-
liblucene3-java
-
3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
-
libsolr-java
-
3.6.2+dfsg-8ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
liblucene3-contrib-java
-
3.6.2+dfsg-2ubuntu0.1~esm4
-
liblucene3-java
-
3.6.2+dfsg-2ubuntu0.1~esm4
-
libsolr-java
-
3.6.2+dfsg-2ubuntu0.1~esm4
In general, a standard system update will make all the necessary changes.