Home / vulnerabilitiesPDF  

Debian Security Advisory 3536-1

Posted on 31 March 2016
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3536-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libstruts1.2-java
CVE ID : CVE-2015-0899

It was discovered that libstruts1.2-java, a Java framework for MVC
applications, contains a bug in its multi-page validation code. This
allows input validation to be bypassed, even if MPV is not used
directly.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.2.9-5+deb7u2.

We recommend that you upgrade your libstruts1.2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJW/O4DAAoJEBC+iYPz1Z1kB2UIAKMa1/9Udlab/7QeTxDdBuW2
tYu4RphjaRc7P7tto+Sznz2rIGT/kEvkRwQvuhsi1lqPfvXLQABjq/hcDlNpWFjB
aqJjEwalipEdOfcwMkyfiWYfPzwyazipgPYsA/h4OpGOoioUcx151RgR8UfEnZDl
eApRg3RP5TsyYevGDbmUjBkCmhcbx8lci9LN7onuQpFY6/AD5C6Od2qwaSuPWwis
KrgfjuzQlvvFrM+2ZY/b8KPAOoPml+k4I4dqQ1aFu0Yu7702Mgwkb6wMP3MfSaRc
8qRxoBR6a+BO/R2fOtdDkI5PcM+B0qQAc3yQol8WF8ouUsN1KHn4DVKjGq8BK2I=
=8rRO
-----END PGP SIGNATURE-----

 

TOP