-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmdR4JYFAwAAAAAACgkQyfW2m9Ldu6vX
bQ//dbxdXAqgCCwCm3C44prQf/MK958Q6D8bqO66oyVaPylXVqKzkJ45tPfKho8WvIsnpG7o2Loa
H1OOgHI/ksd+AiBuKmWyGKAMvsflKCSglU8zNtjojnuHAQTNL12wt4xePS436owqVoNleOXpE+wk
16/SwfXOyeJ2P9Ne0kWKDRgpW/QKAV4izeBD/9sgKgmvcwedzmHLOM1tAMwwodRhLiOuyTuVZLZt
/0pttFHTBcau9XH7ibOULQJyVGcciURXlTgJuPK9CSEqrcyOhuTs3L5+bjrHmB/VNuzmsON10HRn
cB1fH2jobFxWziQLj0Yqrsh+QdajqeJxa4uq+ACvsOJpkRrzST/aYXzlfbPKVyCYCWeGfu7tTSjO
uqcREvlZKkxsx3LBGBAzvNVY/GNIo6y2DtfFaw4nMl9Pwaer6wyTbfJ4dmibsd1aYKL2iEpn+vZ/
JuPk1xi+N1lOnAzn5MR98Jm9Ss88E4Nq1DWRB38OlukgGEnhr/UJRmvNOb1FDyChZL46KScO0rHS
gIAR219FQUKz2gpYgXZRpQIpG+bcD0ODGFziwnR/B9OxI6lywM5W6dgNIBMe5EMjK/G8u/Kk05f2
D1yHXnVdo+j0zYiFD/1BZJVmvnnBll8Kw0oM4w0FkRCKzGBIwIeaJACOygqQfMnuZ2k+UmzG3nPK
EoY=
=6V1p
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7139-1
December 05, 2024
shiro vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Apache Shiro could be made to run programs or expose sensitive information
over the network.
Software Description:
- shiro: Powerful and easy-to-use Java security framework
Details:
It was discovered that Apache Shiro used a static cipher within the
"Remember Me" feature inside authentication by default. An attacker could
possibly use this issue to achieve remote code execution or obtain
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libshiro-java 1.2.4-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7139-1
CVE-2016-4437
No comments:
Post a Comment