Advisories ยป MGASA-2015-0296

Updated groovy package fixes security vulnerability

Publication date: 30 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3253

Description

When an application has Groovy on the classpath and that it uses standard
Java serialization mechanim to communicate between servers, or to store
local data, it is possible for an attacker to bake a special serialized
object that will execute code directly when deserialized. All applications
which rely on serialization and do not isolate the code which deserializes
objects are subject to this vulnerability (CVE-2015-3253).
                

References

SRPMS

4/core

5/core