Updated groovy and groovy18 packages fix security vulnerability
Publication date: 26 Aug 2017
Modification date: 26 Aug 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2016-6814
Description
It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. An attacker can craft a special serialized object that executes code directly when it is deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability (CVE-2016-6814).
References
- https://bugs.mageia.org/show_bug.cgi?id=20121
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GLUK73YU2ETK7USTPIIC4YQT3BYKGEOB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A5FSJEOEIYPZDGJRMEPJPMUMDN4MQQJI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814
SRPMS
6/core
- groovy18-1.8.9-26.1.mga6
5/core
- groovy-1.8.9-5.2.mga5