RHEL 6 : Virtualization Manager (RHSA-2012:1537)

medium Nessus Plugin ID 78942

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated jasperreports-server-pro package that fixes one security issue and various bugs is now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

JasperReports Server is a reporting server.

A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625)

This update also fixes the following bugs :

* Adding a user to any ROLE caused an unexpected exception.
(BZ#730712)

* Previously, the jasperreports-server-pro RPM spec file contained the '%{dist}' tag on the 'Release' line. To comply with the packaging and naming guidelines, the tag has been changed to '%{?dist}' with this update. (BZ#868927)

* In some cases reports were opened with an incorrect list of Entity/Entities. (BZ#842687)

Note: The jasperreports-server-pro package replaces rhevm-reports-server from Red Hat Enterprise Virtualization Manager 3.0.

Users are advised to upgrade to this updated package, which corrects these issues.

Solution

Update the affected jasperreports-server-pro package.

See Also

https://access.redhat.com/errata/RHSA-2012:1537

https://access.redhat.com/security/cve/cve-2009-2625

Plugin Details

Severity: Medium

ID: 78942

File Name: redhat-RHSA-2012-1537.nasl

Version: 1.11

Type: local

Agent: unix

Published: 11/8/2014

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:jasperreports-server-pro, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/4/2012

Vulnerability Publication Date: 8/6/2009

Reference Information

CVE: CVE-2009-2625

BID: 35958

CWE: 264

RHSA: 2012:1537