openSUSE-SU-2016:0788-1

Опубликовано: 16 мар. 2016

Источник: suse-cvrf

Описание

Security update for bsh2

This update for bsh2 fixes the following issues:

CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.

Please see https://github.com/beanshell/beanshell/releases/tag/2.0b6 for more information.

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

bsh2-2.0.0.b5-30.1

bsh2-bsf-2.0.0.b5-30.1

bsh2-classgen-2.0.0.b5-30.1

bsh2-demo-2.0.0.b5-30.1

bsh2-javadoc-2.0.0.b5-30.1

bsh2-manual-2.0.0.b5-30.1

bsh2-src-2.0.0.b5-30.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
E-Mail link for openSUSE-SU-2016:0788-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Затронутые продукты

openSUSE Leap 42.1:bsh2-2.0.0.b5-30.1

openSUSE Leap 42.1:bsh2-bsf-2.0.0.b5-30.1

openSUSE Leap 42.1:bsh2-classgen-2.0.0.b5-30.1

openSUSE Leap 42.1:bsh2-demo-2.0.0.b5-30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2510.html
CVE-2016-2510
https://bugzilla.suse.com/967593
SUSE Bug 967593

openSUSE-SU-2016:0788-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-2510

Описание

Затронутые продукты

Ссылки