Updated logback packages fix security vulnerability
Publication date: 14 Feb 2019Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-5929
Description
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains (CVE-2017-5929).
References
SRPMS
6/core
- logback-1.1.3-2.1.mga6