|
|
Log in / Subscribe / Register

Mageia alert MGASA-2013-0292 (openjpa)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0292: Updated openjpa packages fix CVE-2013-1768 


Date:
    	      Sat, 5 Oct 2013 19:45:03 +0200


Message-ID:
    	      <20131005174504.1751F5B274@valstar.mageia.org>



MGASA-2013-0292 - Updated openjpa packages fix CVE-2013-1768

Publication date: 05 Oct 2013
URL: http://advisories.mageia.org/MGASA-2013-0292.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-1768

Description:
Updated openjpa packages fix security vulnerability:

The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates
local executable JSP files containing logging trace data produced during
deserialization of certain crafted OpenJPA objects, which makes it easier
for remote attackers to execute arbitrary code by creating a serialized
object and leveraging improperly secured server programs (CVE-2013-1768).

References:
- https://lists.fedoraproject.org/pipermail/package-announc...
- https://bugs.mageia.org/show_bug.cgi?id=10817
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1768

SRPMS:
- 3/core/openjpa-2.2.0-3.1.mga3
- 2/core/openjpa-2.0.0-1.1.mga2
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds