|
|
Log in / Subscribe / Register

Mageia alert MGASA-2017-0311 (groovy, groovy18)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0311: Updated groovy and groovy18 packages fix security vulnerability 


Date:
    	      Sat, 26 Aug 2017 22:36:06 +0200


Message-ID:
    	      <20170826203606.843809F872@duvel.mageia.org>


MGASA-2017-0311 - Updated groovy and groovy18 packages fix security vulnerability

Publication date: 26 Aug 2017
URL: http://advisories.mageia.org/MGASA-2017-0311.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2016-6814

Description:
It was found that a flaw in Apache groovy library allows remote code
execution wherever deserialization occurs in the application. It is
possible for an attacker to craft a special serialized object that will
execute code directly when deserialized. All applications which rely on
serialization and do not isolate the code which deserializes objects are
subject to this vulnerability (CVE-2016-6814).

References:
- https://bugs.mageia.org/show_bug.cgi?id=20121
-
https://lists.fedoraproject.org/archives/list/package-ann...
-
https://lists.fedoraproject.org/archives/list/package-ann...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814

SRPMS:
- 5/core/groovy-1.8.9-5.2.mga5
- 6/core/groovy18-1.8.9-26.1.mga6
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds