According to the company, Apache Commons FileUpload could have been made to overwrite files.
It has been discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could have used this issue to possibly write to arbitrary files.
For a more detailed description of the security problems, you can see Canonical's security Notification.
The security flaws can be fixed if you upgrade your system(s) to the latest libcommons-fileupload-java package specific to each distribution. To apply the update, run the Update Manager application.
In general, a standard system update will make all the necessary changes and you won't need to restart the system.
No comments:
Post a Comment