SCIENTIFIC-LINUX-ERRATA Archives

August 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Mon, 21 Aug 2017 15:39:45 -0000

Synopsis:          Important: groovy security update
Advisory ID:       SLSA-2017:2486-1
Issue Date:        2017-08-17
CVE Numbers:       CVE-2016-6814
--

Security Fix(es):

* It was found that a flaw in the Apache Groovy library allows remote code
execution wherever deserialization occurs in the application. It is
possible for an attacker to craft a special serialized object that will
execute code directly when deserialized. All applications which rely on
serialization and do not isolate the code which deserializes objects are
subject to this vulnerability. (CVE-2016-6814)
--

SL7
  noarch
    groovy-1.8.9-8.el7_4.noarch.rpm
    groovy-javadoc-1.8.9-8.el7_4.noarch.rpm

- Scientific Linux Development Team
