
[SECURITY] [DLA 443-1] bsh security update




Package        : bsh
Version        : 2.0b4-12+deb6u1
CVE ID         : CVE-2016-2510

A remote code execution vulnerability was found in BeanShell, an
embeddable Java source interpreter with object scripting language
features.

CVE-2016-2510:
    An application that includes BeanShell on the classpath may be
    vulnerable if another part of the application uses Java
    serialization or XStream to deserialize data from an untrusted
    source. A vulnerable application could be exploited for remote
    code execution, including executing arbitrary shell commands.


For Debian 6 "Squeeze", these problems have been fixed in version
2.0b4-12+deb6u1.

We recommend that you upgrade your bsh packages.
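
Because exposure depends on BeanShell being on an application's classpath, copies bundled inside application archives matter as well as the packaged jar. The following inventory script is an added example, not part of the advisory or of the bsh package: it reports every JAR/WAR/EAR, including nested ones, that contains the class bsh.Interpreter. The size cap, depth limit and sample archive names are assumptions, and a hit only locates a copy; it does not tell you whether that copy is fixed.

```python
import io
import sys
import zipfile

MARKER = "bsh/Interpreter.class"      # BeanShell's interpreter entry-point class
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_NESTED_BYTES = 64 * 1024 * 1024   # assumed cap; skip larger nested archives


def find_beanshell(data, label, max_depth=3):
    """Return labels of all archives (nested up to max_depth) holding MARKER."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                      # not a readable archive: skip it
    hits = []
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name == MARKER:
                hits.append(label)
            elif (max_depth > 0 and name.lower().endswith(ARCHIVE_EXTS)
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += find_beanshell(zf.read(info), f"{label}!/{name}", max_depth - 1)
    return hits


def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Constructed sample: a WAR that bundles a BeanShell jar beside another jar."""
    bsh_jar = make_zip({MARKER: b"\xca\xfe\xba\xbe"})
    app_jar = make_zip({"com/example/App.class": b"\xca\xfe\xba\xbe"})
    war = make_zip({"WEB-INF/web.xml": b"<web-app/>",
                    "WEB-INF/lib/bundled-interpreter.jar": bsh_jar,
                    "WEB-INF/lib/app.jar": app_jar})
    return find_beanshell(war, "sample.war")


if __name__ == "__main__":
    for path in sys.argv[1:]:          # scan archives named on the command line
        with open(path, "rb") as fh:
            for hit in find_beanshell(fh.read(), path):
                print(hit)
    if len(sys.argv) == 1:
        print(demo())
```

Run it with archive paths as arguments to scan real files; with no arguments it prints the result for the constructed sample.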




