Advisories » MGASA-2016-0382

Updated resteasy packages fix security vulnerability

Publication date: 17 Nov 2016
Modification date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7050

Description

It was discovered that under certain conditions RESTEasy could be forced
to parse a request with SerializableProvider, resulting in
deserialization of potentially untrusted data. An attacker could
possibly use this flaw to execute arbitrary code with the permissions of
the application using RESTEasy (CVE-2016-7050).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19718
• https://rhn.redhat.com/errata/RHSA-2016-2604.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7050

SRPMS

5/core

• resteasy-3.0.6-3.1.mga5