Vulnerability Bulletins

DSA-3403 libcommons-collections3-java - security update


System information

Affected software Debian

Description

This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to true. This fixes a vulnerability in unsafe applications deserialising objects from untrusted sources without sanitising the input data. Classes considered unsafe are: CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer,

More info:

https://www.debian.org/security/2015/dsa-3403
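
As an added example (not code from the advisory, Debian or the commons-collections project), the sketch below shows the application-side sanitising the description refers to: a look-ahead `ObjectInputStream` that rejects functor classes before they are loaded, plus a startup check that the system property has not been switched back on. The names `FunctorGuard`, `GuardedInput` and `descriptorOnly` are hypothetical, the sample stream is constructed, and blocking the whole `org.apache.commons.collections.functors` package is an assumption that is stricter than the update described above.

```java
import java.io.*;

public class FunctorGuard {
    // Property name taken from the advisory text.
    static final String PROP = "org.apache.commons.collections.enableUnsafeSerialization";
    // Package holding the commons-collections 3.x functor classes (assumed deny prefix).
    static final String PKG = "org.apache.commons.collections.functors.";

    /** Look-ahead stream: the class name is checked before the class is loaded. */
    static final class GuardedInput extends ObjectInputStream {
        GuardedInput(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (desc.getName().startsWith(PKG)) {
                throw new InvalidClassException(desc.getName(), "functor class rejected");
            }
            return super.resolveClass(desc);
        }
    }

    /** Constructed sample: a stream holding only a class descriptor with the given name. */
    static byte[] descriptorOnly(String className) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeShort(0xACED); out.writeShort(5);   // stream magic and version
        out.writeByte(0x73); out.writeByte(0x72);    // TC_OBJECT, TC_CLASSDESC
        out.writeUTF(className); out.writeLong(0L);  // name, dummy serialVersionUID
        out.writeByte(0x02); out.writeShort(0);      // SC_SERIALIZABLE, no fields
        out.writeByte(0x78); out.writeByte(0x70);    // TC_ENDBLOCKDATA, null superclass
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Refuse to start if the opt-out named in the advisory has been set to true.
        if (Boolean.getBoolean(PROP)) {
            throw new IllegalStateException(PROP + " is true: functor deserialisation re-enabled");
        }
        byte[] sample = descriptorOnly(PKG + "InstantiateTransformer");
        try (ObjectInputStream in = new GuardedInput(new ByteArrayInputStream(sample))) {
            in.readObject();
            System.out.println("accepted (unexpected)");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check in `resolveClass` works whether or not the library is on the classpath, because it runs on the class name read from the stream before any class is resolved.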

Standard identifiers

Property Value
CVE DSA-3403.

Version history

Version Comment Date
1.0 Advisory issued 2015-11-27
