|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0162 (jenkins-remoting)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0162: Updated jenkins-remoting packages fix CVE-2016-0792 


Date:
    	      Thu, 5 May 2016 18:27:09 +0200


Message-ID:
    	      <20160505162709.81F259F643@duvel.mageia.org>


MGASA-2016-0162 - Updated jenkins-remoting packages fix CVE-2016-0792

Publication date: 05 May 2016
URL: http://advisories.mageia.org/MGASA-2016-0162.html

Type: security
Affected Mageia releases: 5
CVE: CVE-2016-0792

Description:
Updated jenkins-remoting packages fix security vulnerability:

Jenkins has several API endpoints that allow low-privilege users to POST 
XML files that then get deserialized by Jenkins. Maliciously crafted XML 
files sent to these API endpoints could result in arbitrary code execution.
(SECURITY-247 / CVE-2016-0792)

References:
- https://bugs.mageia.org/show_bug.cgi?id=18033

- https://lists.fedoraproject.org/pipermail/package-announc...
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Secu...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0792


SRPMS:
- 5/core/jenkins-remoting-2.53.3-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds