18872 – struts new security issues CVE-2016-1181 and CVE-2016-1182

Bug 18872 - struts new security issues CVE-2016-1181 and CVE-2016-1182

Summary: struts new security issues CVE-2016-1181 and CVE-2016-1182

Status:	RESOLVED DUPLICATE of bug 18763

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	Nicolas Lécureuil
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/693179/
Whiteboard:	MGA5TOO
Keywords:

Depends on:
Blocks:

Reported:	2016-07-05 20:21 CEST by David Walser
Modified:	2016-07-05 21:20 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	struts-1.3.10-18.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-07-05 20:21:21 CEST

Fedora has issued an advisory on June 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UQI2PYM3R4FWEOVHIFT7KUPTILG2DFMZ/

They added this patch to fix the issues:
http://pkgs.fedoraproject.org/cgit/rpms/struts.git/tree/struts-1.3.10-CVE-2016-1181-CVE-2016-1182.patch?id=b87aa7b6738e72bed685560b726f7c3874ae553f

Mageia 5 is also affected.

David Walser 2016-07-05 20:21:31 CEST

CC: (none) => geiger.david68210
Whiteboard: (none) => MGA5TOO

Comment 1 David GEIGER 2016-07-05 21:13:23 CEST

Already reported https://bugs.mageia.org/show_bug.cgi?id=18763

Comment 2 David Walser 2016-07-05 21:20:03 CEST

Whoops, thanks David.

*** This bug has been marked as a duplicate of bug 18763 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.