Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0333)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0333

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0333)

Resumen: The remote host is missing an update for the 'groovy18' package(s) announced via the MGASA-2017-0333 advisory.

Descripción: Summary:
The remote host is missing an update for the 'groovy18' package(s) announced via the MGASA-2017-0333 advisory.

Vulnerability Insight:
When an application has Groovy on the classpath and that it uses
standard Java serialization mechanism to communicate between servers, or
to store local data, it is possible for an attacker to bake a special
serialized object that will execute code directly when deserialized. All
applications which rely on serialization and do not isolate the code
which deserializes objects are subject to this vulnerability
(CVE-2015-3253).

Affected Software/OS:
'groovy18' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3253
BugTraq ID: 75919
http://www.securityfocus.com/bid/75919
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Bugtraq: 20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure (Google Search)
http://www.securityfocus.com/archive/1/536012/100/0/threaded
https://security.gentoo.org/glsa/201610-01
http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
http://www.zerodayinitiative.com/advisories/ZDI-15-365/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed@%3Cnotifications.shardingsphere.apache.org%3E
RedHat Security Advisories: RHSA-2016:0066
http://rhn.redhat.com/errata/RHSA-2016-0066.html
RedHat Security Advisories: RHSA-2016:1376
https://access.redhat.com/errata/RHSA-2016:1376
RedHat Security Advisories: RHSA-2017:2486
https://access.redhat.com/errata/RHSA-2017:2486
RedHat Security Advisories: RHSA-2017:2596
https://access.redhat.com/errata/RHSA-2017:2596
http://www.securitytracker.com/id/1034815

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0333
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0333)
Resumen:	The remote host is missing an update for the 'groovy18' package(s) announced via the MGASA-2017-0333 advisory.
Descripción:	Summary: The remote host is missing an update for the 'groovy18' package(s) announced via the MGASA-2017-0333 advisory. Vulnerability Insight: When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability (CVE-2015-3253). Affected Software/OS: 'groovy18' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3253 BugTraq ID: 75919 http://www.securityfocus.com/bid/75919 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure (Google Search) http://www.securityfocus.com/archive/1/536012/100/0/threaded https://security.gentoo.org/glsa/201610-01 http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html http://www.zerodayinitiative.com/advisories/ZDI-15-365/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed@%3Cnotifications.shardingsphere.apache.org%3E RedHat Security Advisories: RHSA-2016:0066 http://rhn.redhat.com/errata/RHSA-2016-0066.html RedHat Security Advisories: RHSA-2016:1376 https://access.redhat.com/errata/RHSA-2016:1376 RedHat Security Advisories: RHSA-2017:2486 https://access.redhat.com/errata/RHSA-2017:2486 RedHat Security Advisories: RHSA-2017:2596 https://access.redhat.com/errata/RHSA-2017:2596 http://www.securitytracker.com/id/1034815
Copyright	Copyright (C) 2022 Greenbone AG