SCIENTIFIC-LINUX-ERRATA Archives

May 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: struts on SL5.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 7 May 2014 14:40:51 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (32 lines) 
Synopsis:          Important: struts security update
Advisory ID:       SLSA-2014:0474-1
Issue Date:        2014-05-07
CVE Numbers:       CVE-2014-0114
--

It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)

All running applications using struts must be restarted for this update to
take effect.
--

SL5
  x86_64
    struts-1.2.9-4jpp.8.el5_10.x86_64.rpm
    struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm
    struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm
    struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm
    struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
  i386
    struts-1.2.9-4jpp.8.el5_10.i386.rpm
    struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm
    struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm
    struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm
    struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2