Advisories » MGASA-2016-0244

Updated struts packages fix security vulnerabilities

Publication date: 08 Jul 2016
Modification date: 08 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1181, CVE-2016-1182

Description

Updated struts packages fix security vulnerabilities:

A vulnerability was found in the Apache Struts 1 ActionForm that allows
unintended remote operations against components in server memory, such as
Servlets and the ClassLoader (CVE-2016-1181).

It was reported that the Apache Struts 1 Validator contains a vulnerability
where input validation configurations (validation rules, error messages, etc.)
may be modified. This occurs when ValidatorForm and ValidatorActionForm
(including their subclasses) are in the session scope (CVE-2016-1182).
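
An added example, not part of the advisory or of Struts itself: a Python check that lists the action mappings in a struts-config.xml that keep one of these form classes in session scope, the condition described for CVE-2016-1182. The sample configuration is constructed, the `com.example.*` classes are hypothetical, and application subclasses have to be passed in by name because the XML does not record inheritance.

```python
import xml.etree.ElementTree as ET

# The two form classes the advisory names for CVE-2016-1182.
VALIDATOR_FORMS = {
    "org.apache.struts.validator.ValidatorForm",
    "org.apache.struts.validator.ValidatorActionForm",
}

# Constructed sample struts-config.xml; com.example.* names are hypothetical.
SAMPLE_CONFIG = """<struts-config>
  <form-beans>
    <form-bean name="loginForm" type="org.apache.struts.validator.ValidatorForm"/>
    <form-bean name="searchForm" type="org.apache.struts.validator.ValidatorActionForm"/>
    <form-bean name="profileForm" type="com.example.ProfileForm"/>
  </form-beans>
  <action-mappings>
    <action path="/login" name="loginForm" scope="request" type="com.example.LoginAction"/>
    <action path="/search" name="searchForm" type="com.example.SearchAction"/>
    <action path="/profile" name="profileForm" scope="session" type="com.example.ProfileAction"/>
    <action path="/ping" type="com.example.PingAction"/>
  </action-mappings>
</struts-config>"""


def session_scoped_validator_forms(config_xml, app_subclasses=()):
    """List (action path, form-bean name, form type) for validator forms kept in session scope."""
    watched = VALIDATOR_FORMS | set(app_subclasses)
    root = ET.fromstring(config_xml)
    form_types = {fb.get("name"): fb.get("type") for fb in root.iter("form-bean")}
    findings = []
    for action in root.iter("action"):
        form_name = action.get("name")
        if form_name is None:
            continue  # mapping has no form bean attached
        # Struts 1 stores the form in the session when scope is omitted.
        scope = action.get("scope", "session")
        form_type = form_types.get(form_name)
        if scope == "session" and form_type in watched:
            findings.append((action.get("path"), form_name, form_type))
    return sorted(findings)


if __name__ == "__main__":
    # ProfileForm is assumed to extend ValidatorForm; the XML cannot tell us that.
    for finding in session_scoped_validator_forms(SAMPLE_CONFIG, ["com.example.ProfileForm"]):
        print("session-scoped validator form:", *finding)
```

On the sample, `/search` is reported even though it carries no `scope` attribute, while `/login` with `scope="request"` is not.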
                

References

SRPMS

5/core