(RHSA-2012:1537) Moderate: jasperreports-server-pro security and bug fix update

ID RHSA-2012:1537
Type redhat
Reporter RedHat
Modified 2017-03-03T16:46:54


JasperReports Server is a reporting server.

A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625)

This update also fixes the following bugs:

  • Adding a user to any ROLE caused an unexpected exception. (BZ#730712)

  • Previously, the jasperreports-server-pro RPM spec file contained the "%{dist}" tag on the "Release" line. To comply with the packaging and naming guidelines, the tag has been changed to "%{?dist}" with this update. (BZ#868927)

  • In some cases reports were opened with an incorrect list of Entity/Entities. (BZ#842687)

Note: The jasperreports-server-pro package replaces rhevm-reports-server from Red Hat Enterprise Virtualization Manager 3.0.

Users are advised to upgrade to this updated package, which corrects these issues.