
[SECURITY] [DLA 1352-1] jruby security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jruby
Version        : 1.5.6-5+deb7u2
CVE ID         : CVE-2018-1000074

An unsafe object deserialization vulnerability was found in jruby, a
100% pure-Java implementation of Ruby. An attacker can use this flaw
to run arbitrary code when the gem owner command is run on a specially
crafted YAML file.

For Debian 7 "Wheezy", this problem has been fixed in version
1.5.6-5+deb7u2.

We recommend that you upgrade your jruby packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
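
The class of flaw described in the advisory above, handled defensively: the following is an added example, not part of the advisory and not the jruby or RubyGems code. The owners-list shape (a list of maps with an "email" key), the sample documents and the helper names ruby_tags, parse_owners and check_owners are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample: an owners list of the shape assumed for this example.
BENIGN_OWNERS = <<~DOC
  - email: alice@example.org
    handle: alice
  - email: bob@example.org
    handle: bob
DOC

# Constructed sample: same shape, but one value carries a Ruby object tag.
# OpenStruct is a harmless stand-in for "some class the sender chose".
TAGGED_OWNERS = <<~DOC
  - email: !ruby/object:OpenStruct
      table:
        address: mallory@example.org
    handle: mallory
DOC

# Walk the parsed syntax tree (no objects are built) and list Ruby-specific tags.
def ruby_tags(text)
  doc = YAML.parse(text)
  return [] unless doc
  doc.each.map { |node| node.tag if node.respond_to?(:tag) }
     .compact.select { |tag| tag.include?("ruby/") }
end

# YAML.safe_load builds only nil, booleans, numbers, strings, arrays and hashes;
# any other class named by a tag raises Psych::DisallowedClass.
def parse_owners(text)
  data = YAML.safe_load(text)
  raise ArgumentError, "owners document must be a list" unless data.is_a?(Array)
  data.map do |entry|
    unless entry.is_a?(Hash) && entry["email"].is_a?(String)
      raise ArgumentError, "owner entry needs a string email"
    end
    entry["email"]
  end
end

# Return [:ok, emails] or [:rejected, reason] instead of letting parsing abort.
def check_owners(text)
  [:ok, parse_owners(text)]
rescue Psych::Exception, ArgumentError => e
  [:rejected, e.class.name]
end

p check_owners(BENIGN_OWNERS)
p check_owners(TAGGED_OWNERS), ruby_tags(TAGGED_OWNERS)
```

On Psych releases before 4.0, plain YAML.load instantiates tagged objects, so code that parses YAML from a file or server it does not control should call YAML.safe_load explicitly.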

