Adsons

    Debian LTS: DLA-888-1: logback security update

    Date07 Apr 2017
    CategoryDebian LTS
    58
    Posted ByLinuxSecurity Advisories
    It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a whitelist to use only trusted classes.
    Hash: SHA512
    
    Package        : logback
    Version        : 1:1.0.4-1+deb7u1
    CVE ID         : CVE-2017-5929
    Debian Bug     : 857343
    
    It was discovered that logback, a flexible logging library for Java,
    would deserialize data from untrusted sockets which may lead to the
    execution of arbitrary code. This issue has been resolved by adding a
    whitelist to use only trusted classes.
    
    For Debian 7 "Wheezy", these problems have been fixed in version
    1:1.0.4-1+deb7u1.
    
    We recommend that you upgrade your logback packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    Comments powered by CComment

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200

    Advisories