Advisories » MGASA-2016-0406

Updated jenkins-remoting packages fix security vulnerability

Publication date: 30 Nov 2016
Modification date: 30 Nov 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9299

Description

An unauthenticated remote code execution vulnerability allowed attackers
to transfer a serialized Java object to the Jenkins CLI, making Jenkins
connect to an attacker-controlled LDAP server, which in turn can send a
serialized payload leading to code execution, bypassing existing
protection mechanisms. (CVE-2016-9299)

References

SRPMS

5/core