Debian 10225 Published by

The following two security updates has been released for Debian GNU/Linux 7 LTS:

DLA 1360-1: lucene-solr security update
DLA 1361-1: psensor security update



DLA 1360-1: lucene-solr security update




Package : lucene-solr
Version : 3.6.0+dfsg-1+deb7u4
CVE ID : CVE-2018-1308
Debian Bug : #896604

It was discovered that there was an XML external entity expansion (XXE)
vulnerability in lucene-solr, a search engine library for Java.

It could be exploited to read arbitrary local files from the Solr server
or the internal network. For Debian 7 "Wheezy", this issue has been fixed
in lucene-solr version 3.6.0+dfsg-1+deb7u4.

We recommend that you upgrade your lucene-solr packages.




DLA 1361-1: psensor security update




Package : psensor
Version : 0.6.2.17-2+deb7u1
CVE ID : CVE-2014-10073
Debian Bug : 896195

It was discovered that psensor, a server for monitoring hardware
sensors remotely, was prone to a directory traversal vulnerability
because the create_response function in server/server.c lacks a check
for whether a file is under the webserver directory.

For Debian 7 "Wheezy", these problems have been fixed in version
0.6.2.17-2+deb7u1.

We recommend that you upgrade your psensor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS