lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20140821063948.GA14953@pisco.westfalen.local>
Date: Thu, 21 Aug 2014 08:39:48 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 2940-1] libstruts1.2-java security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2940-1                   security@...ian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
Aug 21, 2014                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libstruts1.2-java
CVE ID         : CVE-2014-0114

It was discovered that missing access checks in the Struts ActionForm 
object could result in the execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.9-5+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.9-9.

We recommend that you upgrade your libstruts1.2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT9ZP+AAoJEBDCk7bDfE42iiUP/0pltqgMucIuY3qSLISTBNTH
PMQIFK1DZpbTb2nGbsww0m6C8pe4ckqKDgezpm58+QVzQszNCK+BVWPsrz8EiXsO
RTuMiQ005MwDgbQvvqDNw8T5zXj3+kBMzF/ZN8jS3pcHGuyn8EtL6JKBzrVhiAM/
YLTgt5wGt2HK7DnmtXroNVuWREk42jD+6cV0E2f16LPpwUWIZnPBpv3CFv+jv9ot
RnJheBm76K9rgnatD54N7rV+JvuRtkidP/cZcMBEZRZTP2enFczcl43VCWYPKbFT
OVS1tKzqf1+hIye8jwcg/W/Gyt5nZPeflzJoYYhaifdojb2H690Dmmm+Bves5Ie8
mJlI74F2pb/vjOmJMDn4Psgk077scYqArpA84edFNU8UJ8IJF1Ue7sas1MITxVDI
MYl/2+HVt6QnxxUMMOJNIqIbzuogN5KUExHJgBpx6nJM/t1jZw4I2GQ4ilB7eUGk
V/sLBBL8NVoJDw8W7R0xxcjwhZ9skJt9ab4vLVreAr1dRPYYUHa2ttIpSgBQ5gmD
okw6okATTeo8EKjhfOn1PIbpEF6nRk/lbDu4uXJsuvp+2woNch2lUPLo64OgwJcQ
I2jH4+sliClgMqw4VBk3bJ7M89y/N3vI39qO7wWtGRG68Cu8S2fa8J635tIWX4Vx
u5Zped3uPxyEKk+90K8/
=yEUi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ