Debian Security Advisory
DLA-443-1 bsh -- LTS security update
- Date Reported: 29 Feb 2016
- Affected Packages: bsh
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-2510.
- More information:
A remote code execution vulnerability was found in BeanShell, an embeddable Java source interpreter with object scripting language features.
- CVE-2016-2510
An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.
For Debian 6 Squeeze, these problems have been fixed in version 2.0b4-12+deb6u1. We recommend that you upgrade your bsh packages.