Posted: Sat Jul 30, 2016 1:26 am Post subject: [ GLSA 201607-17 ] BeanShell
Gentoo Linux Security Advisory
Title: BeanShell: Arbitrary code execution (GLSA 201607-17)
Date: July 30, 2016
BeanShell is vulnerable to the remote execution of arbitrary code
via Java serialization or XStream from an untrusted source.
BeanShell is a small, free, embeddable Java source interpreter with
object scripting language features, written in Java.
Vulnerable: < 2.0_beta6
Unaffected: >= 2.0_beta6
Architectures: All supported architectures
An application that includes BeanShell on the classpath may be
vulnerable if another part of the application uses Java serialization or
XStream to deserialize data from an untrusted source.
Remote attackers could execute arbitrary code including shell commands.
There is no known workaround at this time.
All BeanShell users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot ">=dev-java/bsh-2.0_beta6"
BeanShell 2.0b6 Release Information
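As an added example that is not part of the advisory or of the BeanShell project: a small Python check for the two situations the advisory describes. It decides whether a Gentoo dev-java/bsh version string falls inside the vulnerable range (< 2.0_beta6) using a simplified version of Portage's ordering (numeric components, one _alpha/_beta/_pre/_rc/_p suffix, optional -rN revision), lists the versions recorded in the Portage installed-package database under /var/db/pkg/dev-java, and looks for BeanShell classes bundled inside an application jar, since a shaded copy of bsh on the classpath is not visible to emerge at all. The sample jar is constructed in memory purely to exercise the scan; it is not a real artifact.

```python
"""Checks for BeanShell affected by GLSA 201607-17 (vulnerable < 2.0_beta6)."""
import io
import re
import zipfile
from pathlib import Path

FIXED_VERSION = "2.0_beta6"  # first unaffected version per the advisory

# Simplified Portage suffix ordering: _alpha < _beta < _pre < _rc < (none) < _p
_SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$"
)


def parse_version(ver):
    """Turn a Gentoo version string into a sortable tuple.

    Simplification (assumption): letter suffixes such as 1.2a and multiple
    stacked suffixes are not handled; that is enough for dev-java/bsh.
    """
    m = _VERSION_RE.match(ver)
    if not m:
        raise ValueError(f"unsupported version string: {ver!r}")
    nums, suffix, suffix_num, rev = m.groups()
    numeric = tuple(int(x) for x in nums.split("."))
    return (numeric, _SUFFIX_RANK[suffix or ""], int(suffix_num or 0), int(rev or 0))


def is_vulnerable(ver, fixed=FIXED_VERSION):
    """True if `ver` is below the first unaffected version (2.0_beta6)."""
    return parse_version(ver) < parse_version(fixed)


def installed_bsh_versions(pkg_db=Path("/var/db/pkg/dev-java")):
    """Versions of dev-java/bsh recorded in the Portage installed-package DB.

    Each installed package has a directory named <pkg>-<version> there.
    """
    if not pkg_db.is_dir():
        return []
    found = []
    for entry in pkg_db.iterdir():
        m = re.match(r"^bsh-(\d.*)$", entry.name)
        if m:
            found.append(m.group(1))
    return found


def jar_bundles_beanshell(jar):
    """True if a jar (path or file-like object) contains BeanShell classes.

    Detects bsh shaded into a fat jar, which emerge cannot see. The version
    of a shaded copy is not determinable from class names alone, so treat
    any hit as needing manual follow-up.
    """
    with zipfile.ZipFile(jar) as zf:
        return any(
            name.startswith("bsh/") and name.endswith(".class")
            for name in zf.namelist()
        )


def make_sample_jar(with_bsh):
    """Constructed in-memory jar used only to exercise jar_bundles_beanshell()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        if with_bsh:
            zf.writestr("bsh/Interpreter.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v in installed_bsh_versions():
        status = "VULNERABLE" if is_vulnerable(v) else "unaffected"
        print(f"dev-java/bsh-{v}: {status} (GLSA 201607-17)")
    print("sample fat jar bundles bsh:", jar_bundles_beanshell(make_sample_jar(True)))
```

Note that a plain "2.0" release sorts above "2.0_beta6" in Portage ordering and is therefore unaffected, while "2.0_beta5-r1" is still below the fix; the version comparison is what makes the advisory's "< 2.0_beta6" range meaningful. For the classpath case, pass each deployed jar to jar_bundles_beanshell() and treat any bundled bsh copy as suspect until its origin version is confirmed.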