Mageia Advisory: MGASA-2015-0296 - Updated groovy package fixes security vulnerability

Updated groovy package fixes security vulnerability

Publication date: 30 Jul 2015
Modification date: 30 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3253

Description

When an application has Groovy on the classpath and that it uses standard
Java serialization mechanim to communicate between servers, or to store
local data, it is possible for an attacker to bake a special serialized
object that will execute code directly when deserialized. All applications
which rely on serialization and do not isolate the code which deserializes
objects are subject to this vulnerability (CVE-2015-3253).

References

https://bugs.mageia.org/show_bug.cgi?id=16393
http://groovy-lang.org/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253

SRPMS

4/core

groovy-1.8.7-3.1.mga4

5/core

groovy-1.8.9-5.1.mga5

Advisories » MGASA-2015-0296

Updated groovy package fixes security vulnerability

Description

References

SRPMS

4/core

5/core