[SECURITY] [DLA 443-1] bsh security update
Package : bsh
Version : 2.0b4-12+deb6u1
CVE ID : CVE-2016-2510
A remote code execution vulnerability was found in BeanShell, an
embeddable Java source interpreter with object scripting language
features.
CVE-2016-2510:
An application that includes BeanShell on the classpath may be
vulnerable if another part of the application uses Java
serialization or XStream to deserialize data from an untrusted
source. A vulnerable application could be exploited for remote
code execution, including executing arbitrary shell commands.
For Debian 6 "Squeeze", this problem has been fixed in version
2.0b4-12+deb6u1.
We recommend that you upgrade your bsh packages.
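Alongside the upgrade, an application that must read Java-serialized data from an untrusted source can limit which classes it accepts. The following is an added example, not part of the advisory or of the bsh package: a look-ahead `ObjectInputStream` with a class allow-list. The class name `AllowListObjectInputStream`, the allow-list contents and the sample inputs are assumptions made for illustration, and the example covers native Java serialization only, not XStream.

```java
import java.io.*;
import java.util.*;

public class AllowListObjectInputStream extends ObjectInputStream {
    // Assumption: this stream is only ever expected to carry these types.
    private static final Set<String> ALLOWED = new HashSet<String>(
            Arrays.asList("java.util.ArrayList", "java.lang.String"));

    public AllowListObjectInputStream(InputStream in) throws IOException { super(in); }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        // Runs before any instance is created, so a class that is not listed
        // (anything from the bsh package, for example) is never instantiated.
        if (!ALLOWED.contains(desc.getName())) {
            throw new InvalidClassException(desc.getName(), "not on allow-list");
        }
        return super.resolveClass(desc);
    }

    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
        // Dynamic proxies bypass resolveClass, so they are refused outright here.
        throw new InvalidClassException("dynamic proxy", "not on allow-list");
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buf);
        out.writeObject(o);
        out.close();
        return buf.toByteArray();
    }

    static String tryRead(byte[] data) throws IOException, ClassNotFoundException {
        try {
            return "accepted: " + new AllowListObjectInputStream(new ByteArrayInputStream(data)).readObject();
        } catch (InvalidClassException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one expected type, one unexpected type.
        System.out.println(tryRead(serialize(new ArrayList<String>(Arrays.asList("a", "b")))));
        System.out.println(tryRead(serialize(new Date())));
    }
}
```

A filter like this narrows what a deserialization endpoint will accept; it does not replace upgrading the bsh packages.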