Mageia: 2019-0399 Moderate: Apache Commons Beanutils Classloader Risk

December 19, 2019
The latest apache-commons-beanutils releases address a security vulnerability in Mageia linked to improper access controls within the Java classloader.

Summary

Updated apache-commons-beanutils packages fix a security vulnerability:
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this introspector by default (CVE-2019-10086).
Also, the apache-commons-collections package has been rebuilt to regenerate the OSGi metadata, to allow the apache-commons-beanutils package to build.
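
How that suppression is switched on for a PropertyUtilsBean, as an added example rather than code from the advisory or the Apache project. The Account bean and the classPropertyExposed helper are hypothetical, and the calls assume commons-beanutils 1.9.2 or later on the classpath:

```java
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.ConvertUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class ClassPropertyCheck {

    /** Constructed sample bean; any JavaBean behaves the same way. */
    public static class Account {
        private String owner = "alice";
        public String getOwner() { return owner; }
        public void setOwner(String owner) { this.owner = owner; }
    }

    /** True if "class" resolves as a bean property through the given PropertyUtilsBean. */
    static boolean classPropertyExposed(PropertyUtilsBean pub) {
        try {
            // Returns null when introspection yields no descriptor for the name.
            return pub.getPropertyDescriptor(new Account(), "class") != null;
        } catch (ReflectiveOperationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Library default: depends on the installed version (suppressed by default from 1.9.4).
        PropertyUtilsBean defaults = new PropertyUtilsBean();
        System.out.println("default instance exposes class:  " + classPropertyExposed(defaults));

        // Explicit hardening for 1.9.2 and 1.9.3. Register the introspector before the
        // first lookup: descriptors are cached per bean class after introspection.
        PropertyUtilsBean hardened = new PropertyUtilsBean();
        hardened.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        System.out.println("hardened instance exposes class: " + classPropertyExposed(hardened));

        // Ordinary properties are unaffected by the suppression.
        try {
            System.out.println("owner = " + hardened.getProperty(new Account(), "owner"));
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(e);
        }

        // Route the static BeanUtils/PropertyUtils helpers through the hardened instance
        // (the instance is held per context classloader).
        BeanUtilsBean.setInstance(new BeanUtilsBean(new ConvertUtilsBean(), hardened));
    }
}
```

Running the check against the application's real classpath shows whether the deployed Beanutils version still resolves `class` by default.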

References

- https://bugs.mageia.org/show_bug.cgi?id=25765

- https://www.cve.org/CVERecord?id=CVE-2019-10086

Resolution

SRPMS

- 7/core/apache-commons-beanutils-1.9.4-1.mga7

- 7/core/apache-commons-collections-3.2.2-7.1.mga7

Publication date: 19 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0399.html
Type: security
CVE: CVE-2019-10086
