- Vulnerability/
- RHSA-2012:1537
RHSA-2012:1537: Moderate: jasperreports-server-pro security and bug fix update
First published: Tue Dec 04 2012(Updated: )
JasperReports Server is a reporting server.<br>A flaw was found in the way the Apache Xerces2 Java Parser processed the<br>SYSTEM identifier in DTDs. A remote attacker could provide a<br>specially-crafted XML file, which once parsed by an application using the<br>Apache Xerces2 Java Parser, would lead to a denial of service (application<br>hang due to excessive CPU use). (CVE-2009-2625)<br>This update also fixes the following bugs:<br><li> Adding a user to any ROLE caused an unexpected exception. (BZ#730712)</li> <li> Previously, the jasperreports-server-pro RPM spec file contained the</li> "%{dist}" tag on the "Release" line. To comply with the packaging and<br>naming guidelines, the tag has been changed to "%{?dist}" with this update.<br>(BZ#868927)<br><li> In some cases reports were opened with an incorrect list of</li> Entity/Entities. (BZ#842687)<br>Note: The jasperreports-server-pro package replaces rhevm-reports-server<br>from Red Hat Enterprise Virtualization Manager 3.0.<br>Users are advised to upgrade to this updated package, which corrects these<br>issues.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jasperreports-server-pro | <4.7.1-2.el6e | 4.7.1-2.el6e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2012:1537
- agent/software-canonical-lookup
- package-manager/redhat