[SECURITY] [DLA 794-1] groovy security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 794-1] groovy security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 22 Jan 2017 23:36:22 +0100
Message-id: <[🔎] f5146a3e-22ce-ffe3-af53-89c269573232@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : groovy
Version        : 1.8.6-1+deb7u2
CVE ID         : CVE-2016-6814
Debian Bug     : 851408

It was found that a flaw in Apache Groovy, a dynamic language for the
Java Virtual Machine, allows remote code execution wherever
deserialization occurs in the application. It is possible for an
attacker to craft a special serialized object that will execute code
directly when deserialized. All applications which rely on
serialization and do not isolate the code which deserializes objects
are subject to this vulnerability.

For Debian 7 "Wheezy", these problems have been fixed in version
1.8.6-1+deb7u2.

We recommend that you upgrade your groovy packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAliFM+VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRDdw//VHrF7eh75fZFqdTzEooqSYk1vtmDHpMZhEXNZiJQsUKMd/x4re2zbYws
CQ4+8hPRBzbk5j7DiRUEsYBoUrpTSoqcL4Guy3K7J7CD4Hj4C183lRoNOyEEWbR0
ApGqreYkm1jPjOzCJ8024BYnF+IbeyeuuzTuwFm2LbJmTFhG6XnSJLAYlN5+Dft5
8OTwZ0JqH7cQu6lJz4XJL20yCwTr7fhLHhgoYv7k5deP9mS6LD1f3xjPF4gOckEa
Jq1LAIPTOMI7MIwtcZeko7krENq3no1R5rVBitfC+w5aegi25+DHG1MJfvx4Uj0o
mK2SWfhJCFJka6KOWltPm5XQvSuHAtsW9xEIfyTpP+KJ3XnBW9TuBdL8y8UFTgs5
PTtgobeUQEOXDFA8cTuRZIfWtUb96vAsjcHO7JVK5lCMjK+N0jpVI0qNQJ/Fksc9
KK4Zi+zuyZq3SqyPhBCOlKs0CpA4yvqSooj8VS1HsDaa5CjzM+vHniRGuIfLmqTS
FVUmd9i1IjN9XFT5vG1zGqaRB5TGr4/iYwYvO183KWDv3fVmjdbR1ZiojP8om+hV
cFky6wlfYpxnxKDF8UOhAPrK2Kgoz4N7ZQIa0+XTHH3a3fI4LTY6PUTTSyCKX5fw
TTCe36twHNVd8oq6jRJa/g+qO1R4INfUroEuxdWrEnqPUY+I0CE=
=TaXB
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 793-1] opus security update
Next by Date: [SECURITY] [DLA 795-1] hesiod security update
Previous by thread: [SECURITY] [DLA 793-1] opus security update
Next by thread: [SECURITY] [DLA 795-1] hesiod security update
Index(es):
- Date
- Thread