Updated logback packages fix security vulnerabilityPublication date: 14 Feb 2019
Affected Mageia releases : 6
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains (CVE-2017-5929).