Linux Security

Mageia 2021-0183: velocity security update

Date 12 Apr 2021
Posted By LinuxSecurity Advisories
MGASA-2021-0183 - Updated velocity packages fix security vulnerability

Publication date: 12 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0183.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-13936

An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container.  This applies to applications that allow
untrusted users to upload/modify velocity templates running Apache Velocity
Engine versions up to 2.2 (CVE-2020-13936).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28681
- https://www.openwall.com/lists/oss-security/2021/03/10/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936

SRPMS:
- 8/core/velocity-1.7-33.1.mga8
- 7/core/velocity-1.7-22.1.mga7
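
A way to check a host against the fixed builds listed above, as an added example that is not part of the Mageia advisory. It compares an installed `version-release` string to the advisory's SRPMS entries using rpm-style segment ordering; the binary package name `velocity`, the absence of an epoch, and the sample inputs are assumptions.

```python
import re
from itertools import zip_longest

# Fixed builds copied from the advisory's SRPMS list, keyed by Mageia release.
FIXED = {"8": "1.7-33.1.mga8", "7": "1.7-22.1.mga7"}

_TOKEN = re.compile(r"~|[0-9]+|[A-Za-z]+")

def rpm_cmp(a, b):
    """Compare two version (or release) strings the way rpm orders them.
    Returns -1, 0 or 1. Separators are ignored; '^' is not handled here."""
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == "~" or y == "~":          # '~' sorts before anything, even end of string
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None or y is None:        # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def evr_cmp(a, b):
    """Compare 'version-release' strings (assumption: no epoch)."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

def is_patched(mageia_release, installed):
    """True if the installed velocity build is at or above the advisory's fix."""
    if mageia_release not in FIXED:
        raise ValueError("release not covered by MGASA-2021-0183: %r" % mageia_release)
    return evr_cmp(installed, FIXED[mageia_release]) >= 0

if __name__ == "__main__":
    # Constructed sample inputs; on a real host take the value from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' velocity   (package name assumed)
    samples = [("8", "1.7-33.mga8"), ("8", "1.7-33.1.mga8"), ("7", "1.7-22.1.mga7")]
    for rel, vr in samples:
        state = "patched" if is_patched(rel, vr) else "VULNERABLE: update velocity"
        print("mga%s %s: %s" % (rel, vr, state))
```

The fixed packages are still version 1.7, so the release field, not the upstream version number, is what distinguishes a patched host. A package check does not cover applications that bundle their own Velocity jar.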
