Debian Security Advisory
DLA-443-1 bsh -- LTS security update
- Date Reported:
- 29 Feb 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-2510.
- More information:
A remote code execution vulnerability was found in BeanShell, an embeddable Java source interpreter with object scripting language features.
An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.
For Debian 6
Squeeze, these problems have been fixed in version 2.0b4-12+deb6u1.
We recommend that you upgrade your bsh packages.