Mageia Advisory: MGASA-2019-0399 - Updated apache-commons-beanutils packages fix security vulnerability

Updated apache-commons-beanutils packages fix security vulnerability

Publication date: 19 Dec 2019
Modification date: 19 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10086

Description

Updated apache-commons-beanutils packages fix security vulnerability:

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was
added which allows suppressing the ability for an attacker to access the
classloader via the class property available on all Java objects. We,
however were not using this by default characteristic of the
PropertyUtilsBean (CVE-2019-10086).

Also, the apache-commons-collections package has been rebuilt to regenerate
the OSGi metadata, to allow the apache-commons-beanutils package to build.

References

https://bugs.mageia.org/show_bug.cgi?id=25765
https://lists.opensuse.org/opensuse-updates/2019-09/msg00017.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086

SRPMS

7/core

apache-commons-beanutils-1.9.4-1.mga7
apache-commons-collections-3.2.2-7.1.mga7

Advisories » MGASA-2019-0399

Updated apache-commons-beanutils packages fix security vulnerability

Description

References

SRPMS

7/core