Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-443-1 bsh

Debian Security Advisory

DLA-443-1 bsh -- LTS security update

Date Reported:

29 Feb 2016

Affected Packages:

bsh

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-2510.

More information:

A remote code execution vulnerability was found in BeanShell, an embeddable Java source interpreter with object scripting language features.

• CVE-2016-2510

  An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.

For Debian 6 Squeeze, these problems have been fixed in version 2.0b4-12+deb6u1.

We recommend that you upgrade your bsh packages.