Debian Security Advisory
DSA-3893-1 jython -- security update
- Date Reported:
- 22 Jun 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 864859.
In Mitre's CVE dictionary: CVE-2016-4000.
- More information:
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
For the oldstable distribution (jessie), this problem has been fixed in version 2.5.3-3+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 2.5.3-16+deb9u1.
For the unstable distribution (sid), this problem has been fixed in version 2.5.3-17.
We recommend that you upgrade your jython packages.