groovy-1.8.9-8.el7

エラータID: AXSA:2017-2200:01

Release date: 
Thursday, September 14, 2017 - 10:59
Subject: 
groovy-1.8.9-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Groovy is an agile and dynamic language for the Java Virtual Machine,
built upon Java with features inspired by languages like Python, Ruby and
Smalltalk. It seamlessly integrates with all existing Java objects and
libraries and compiles straight to Java bytecode so you can use it anywhere
you can use Java.

CVE-2016-6814
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-6814
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. groovy-1.8.9-8.el7.src.rpm
    MD5: 71911ee6823dc133d98c20be1cf3175c
    SHA-256: 24daef86be5dd91fdf50e85ea69225b8d6c5ea644fcd3fb8ed4d358a923bbce8
    Size: 12.16 MB

Asianux Server 7 for x86_64
  1. groovy-1.8.9-8.el7.noarch.rpm
    MD5: 944d18e8c269707666fe519fde381b2b
    SHA-256: 39d99fae6240f13e1ea4e0a08d0b5f5d52c6bc358ec26003ae98ffd56fe3e6bd
    Size: 4.68 MB
  2. groovy-javadoc-1.8.9-8.el7.noarch.rpm
    MD5: 33e43959a9d9301d069eca0e6d33418d
    SHA-256: 2787792da6577c7c0ac71447fd03d09c6f308821fc0bedeb831a588a5a4582b5
    Size: 1.61 MB