Wednesday, November 13, 2013

[USN-2029-1] Apache Commons FileUpload vulnerability

==========================================================================
Ubuntu Security Notice USN-2029-1
November 13, 2013

libcommons-fileupload-java vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Apache Commons FileUpload could be made to overwrite files.

Software Description:
- libcommons-fileupload-java: File upload capability for servlets and web
applications

Details:

It was discovered that Apache Commons FileUpload incorrectly handled file
names with NULL bytes in serialized instances. An attacker could use this
issue to possibly write to arbitrary files.
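
An added example, not part of this notice and not Commons FileUpload's own code: the general defensive pattern for the class of issue described above, a readObject method that rejects a deserialized file name containing a NUL character. The class UploadRecord, its field and the sample names are hypothetical.

```java
import java.io.*;

// Hypothetical class for illustration; not Commons FileUpload's own code.
public class UploadRecord implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String fileName; // taken from the stream on deserialization

    public UploadRecord(String fileName) {
        this.fileName = fileName;
    }

    // Deserialization never calls the constructor, so the check lives here.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (fileName == null || fileName.indexOf('\0') >= 0) {
            throw new InvalidObjectException("file name missing or contains NUL");
        }
    }

    static byte[] serialize(UploadRecord r) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(r);
        }
        return buf.toByteArray();
    }

    static UploadRecord deserialize(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            return (UploadRecord) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one ordinary name, one with an embedded NUL.
        byte[] clean = serialize(new UploadRecord("report.txt"));
        byte[] bad = serialize(new UploadRecord("report.txt\0.tmp"));
        System.out.println("clean: " + deserialize(clean).fileName);
        try {
            deserialize(bad);
            System.out.println("NUL name: accepted");
        } catch (InvalidObjectException e) {
            System.out.println("NUL name: rejected (" + e.getMessage() + ")");
        }
    }
}
```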

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libcommons-fileupload-java 1.2.1-3ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2029-1
CVE-2013-2186

Package Information:
https://launchpad.net/ubuntu/+source/libcommons-fileupload-java/1.2.1-3ubuntu2.1
