MGASA-2019-0399

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0399.html

Import Source

https://advisories.mageia.org/MGASA-2019-0399.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0399

Related

CVE-2019-10086

Published

2019-12-19T13:44:26Z

Modified

2019-12-19T13:25:37Z

Summary

Updated apache-commons-beanutils packages fix security vulnerability

Details

Updated apache-commons-beanutils packages fix security vulnerability:

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean (CVE-2019-10086).

Also, the apache-commons-collections package has been rebuilt to regenerate the OSGi metadata, to allow the apache-commons-beanutils package to build.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / apache-commons-beanutils

Package

Name: apache-commons-beanutils
Purl: pkg:rpm/mageia/apache-commons-beanutils?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.4-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / apache-commons-collections

Package

Name: apache-commons-collections
Purl: pkg:rpm/mageia/apache-commons-collections?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.2-7.1.mga7

Ecosystem specific

{
    "section": "core"
}