Advisories » MGASA-2016-0162

Updated jenkins-remoting packages fix CVE-2016-0792

Publication date: 05 May 2016
Modification date: 05 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0792

Description

Updated jenkins-remoting packages fix security vulnerability:

Jenkins has several API endpoints that allow low-privilege users to POST 
XML files that then get deserialized by Jenkins. Maliciously crafted XML 
files sent to these API endpoints could result in arbitrary code execution.
(SECURITY-247 / CVE-2016-0792)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18033
• https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179009.html
• https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0792

SRPMS

5/core

• jenkins-remoting-2.53.3-1.mga5