Debian Local Security Checks : Debian LTS: Security Advisory for jython (DLA-989-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.890989

Categoría: Debian Local Security Checks

Título: Debian LTS: Security Advisory for jython (DLA-989-1)

Resumen: lvaro Munoz and Christian Schneider discovered that Jython, an;implementation of the Python language seamlessly integrated with Java,;would execute arbitrary code when deserializing objects.

Descripción: Summary:
lvaro Munoz and Christian Schneider discovered that Jython, an
implementation of the Python language seamlessly integrated with Java,
would execute arbitrary code when deserializing objects.

Affected Software/OS:
jython on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
2.5.2-1+deb7u1.

We recommend that you upgrade your jython packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-4000
BugTraq ID: 105647
http://www.securityfocus.com/bid/105647
http://bugs.jython.org/issue2454
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859
https://hg.python.org/jython/file/v2.7.1rc1/NEWS
https://hg.python.org/jython/rev/d06e29d100c0
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Debian Security Information: DSA-3893 (Google Search)
http://www.debian.org/security/2017/dsa-3893
https://security.gentoo.org/glsa/201710-28
https://security-tracker.debian.org/tracker/CVE-2016-4000
https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E

Copyright Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.890989
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for jython (DLA-989-1)
Resumen:	lvaro Munoz and Christian Schneider discovered that Jython, an;implementation of the Python language seamlessly integrated with Java,;would execute arbitrary code when deserializing objects.
Descripción:	Summary: lvaro Munoz and Christian Schneider discovered that Jython, an implementation of the Python language seamlessly integrated with Java, would execute arbitrary code when deserializing objects. Affected Software/OS: jython on Debian Linux Solution: For Debian 7 'Wheezy', these problems have been fixed in version 2.5.2-1+deb7u1. We recommend that you upgrade your jython packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4000 BugTraq ID: 105647 http://www.securityfocus.com/bid/105647 http://bugs.jython.org/issue2454 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859 https://hg.python.org/jython/file/v2.7.1rc1/NEWS https://hg.python.org/jython/rev/d06e29d100c0 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Debian Security Information: DSA-3893 (Google Search) http://www.debian.org/security/2017/dsa-3893 https://security.gentoo.org/glsa/201710-28 https://security-tracker.debian.org/tracker/CVE-2016-4000 https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E
Copyright	Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net