Launchpad.net

CVE 2017-15691

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

Related bugs and status

CVE-2017-15691 (Candidate) is related to these bugs:

Bug #1814133: update to openjdk 11 in 18.04 LTS

		In	Importance	Status
1814133	update to openjdk 11 in 18.04 LTS	saaj (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	ca-certificates-java (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jaxws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	metro-policy (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	testng (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	plexus-languages (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libcommons-lang3-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	dd-plist (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	clojure1.8 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jtreg (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-compiler-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	surefire (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	groovy (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jasperreports (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	octave (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gettext (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	insubstantial (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	java-common (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	javatools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jnr-posix (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jython (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libgpars-groovy-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	logback (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-javadoc-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-lts (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjfx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	scala (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-11-jre-dcevm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-util (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	libreoffice (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libreoffice-l10n (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gatk-native-bindings (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gkl (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	htsjdk (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jameica (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-datasource (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-bundle-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-enforcer (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-plugin-tools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-jaxb2-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby-openssl (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	visualvm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjogl2-java (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	fonts-liberation2 (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjavaewah-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	scilab (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gluegen2 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	ecj (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	activemq (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	afterburner.fx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	annotation-indexer (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	apache-directory-server (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	aspectj (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	aspectj-maven-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	batik (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	bindex (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	bridge-method-injector (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	carrotsearch-hppc (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	commons-httpclient (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	eclipselink (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	elki (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	clojure (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	figtree (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	fontawesomefx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hikaricp (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hsqldb (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hsqldb1.8.0 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jabref (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jackson-core (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jackson-databind (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-15691

Related bugs and status

Related bugs

References