Ubuntu 16.04 LTS: USN-7139-1 critical: Apache Shiro remote access risk
ubuntu
December 5, 2024
Apache Shiro could be made to run programs or expose sensitive information over the network.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Apache Shiro could be made to run programs or expose sensitive information over the network. Software Description: - shiro: Powerful and easy-to-use Java security framework Details: It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libshiro-java 1.2.4-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7139-1
CVE-2016-4437
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7139-1
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!