Vulnerability & Exploit Database

Back to search

RHSA-2012:1537: jasperreports-server-pro security and bug fix update

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) August 06, 2009 December 07, 2012 July 04, 2017

Description

An updated jasperreports-server-pro package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) This update also fixes the following bugs: * Adding a user to any ROLE caused an unexpected exception. (BZ#730712) * Previously, the jasperreports-server-pro RPM spec file contained the "%{dist}" tag on the "Release" line. To comply with the packaging and naming guidelines, the tag has been changed to "%{?dist}" with this update. (BZ#868927) * In some cases reports were opened with an incorrect list of Entity/Entities. (BZ#842687) Note: The jasperreports-server-pro package replaces rhevm-reports-server from Red Hat Enterprise Virtualization Manager 3.0. Users are advised to upgrade to this updated package, which corrects these issues.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-jasperreports-server-pro

Related Vulnerabilities