RHSA-2014:0389: Important: jasperreports-server-pro security update
The Red Hat Enterprise Virtualization reports package provides a suite ofpre-configured reports and dashboards that enable you to monitor thesystem. The reports module is based on JasperReports and JasperServer, andcan also be used to create ad-hoc reports.XStream is a simple library used by the Red Hat Enterprise Virtualizationreports package to serialize and de-serialize objects to and from XML.It was found that XStream could deserialize arbitrary user-supplied XMLcontent, representing objects of any type. A remote attacker able to passXML to XStream could use this flaw to perform a variety of attacks,including remote code execution in the context of the server running theXStream application. (CVE-2013-7285)All jasperreports-server-pro users are advised to upgrade to this updatedpackage, which contains a backported patch to correct this issue.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2014:0389?
The severity of RHSA-2014:0389 is classified as important.
How do I fix RHSA-2014:0389?
To fix RHSA-2014:0389, update the jasperreports-server-pro package to version 5.5.0 or above.
Which software is affected by RHSA-2014:0389?
RHSA-2014:0389 affects the jasperreports-server-pro package version 5.5.0-6.el6e.
What type of vulnerability is described in RHSA-2014:0389?
RHSA-2014:0389 addresses vulnerabilities in the reports module of Red Hat Enterprise Virtualization.
Is there a risk if I do not address RHSA-2014:0389?
Yes, not addressing RHSA-2014:0389 may expose your system to security risks and potential data breaches.