The Red Hat Enterprise Virtualization reports package provides a suite of
pre-configured reports and dashboards that enable you to monitor the
system. The reports module is based on JasperReports and JasperServer, and
can also be used to create ad-hoc reports.
Apache Axis did not verify that the server hostname matched the domain name
in the subject’s Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name.
(CVE-2012-5784)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle
attacker could possibly use this flaw to unilaterally disable bidirectional
authentication between a client and a server, forcing a downgrade to simple
(unidirectional) authentication. This flaw only affects users who have
enabled Hadoop’s Kerberos security features. (CVE-2013-2192)
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.
All jasperreports-server-pro users are advised to upgrade to this updated
package, which contains backported patches to correct these issues and add
these enhancements.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | jasperreports-server-pro | < 5.5.0-4.el6ev | jasperreports-server-pro-5.5.0-4.el6ev.src.rpm |
RedHat | 6 | noarch | jasperreports-server-pro | < 5.5.0-4.el6ev | jasperreports-server-pro-5.5.0-4.el6ev.noarch.rpm |