Red Hat has fixed a security issue in logback in Satellite 6.4:
The issue is fixed upstream in 1.2.0.
Mageia 6 is also affected.
Fixed upstream in 1.2.0
Fixed both Cauldron and mga6!
Updated logback packages fix security vulnerability:
It was found that logback is vulnerable to a deserialization issue. Logback can
be configured to allow remote logging through SocketServer/ServerSocketReceiver
interfaces that can accept untrusted serialized data. Authenticated attackers
on the adjacent network can leverage this vulnerability to execute arbitrary
code through deserialization of custom gadget chains (CVE-2017-5929).
Updated packages in core/updates_testing:
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Installed cleanly. Chased around to find some easy example, but this seems to be a Java library which requires some additional code and a configuration file to get anything working.
I propose to OK on clean install unless someone has a better idea.
Advisory committed to svn. Validating based on comment 3.
An update for this issue has been pushed to the Mageia Updates repository.
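An added example, not part of the original thread or of logback itself: a small audit that checks whether a logback configuration declares a listening receiver of the kind the advisory describes, and whether the installed version is older than the 1.2.0 fix. The receiver class names and the port/address defaults are taken from logback's documentation as assumptions; the sample configuration and the status labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Receiver classes that open a listening socket and deserialize incoming
# events (names taken from logback's documentation, not from this thread).
LISTENING_RECEIVERS = {
    "ch.qos.logback.classic.net.server.ServerSocketReceiver",
    "ch.qos.logback.classic.net.server.SSLServerSocketReceiver",
}
FIXED_VERSION = (1, 2, 0)  # upstream fix version stated in the thread

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """
<configuration>
  <receiver class="ch.qos.logback.classic.net.server.ServerSocketReceiver">
    <port>6000</port>
  </receiver>
</configuration>
"""

def parse_version(text):
    """Turn '1.1.7' or '1.2.0-1.mga6' into a comparable 3-tuple of ints."""
    nums = [int(re.match(r"\d*", p).group() or 0) for p in text.split("-")[0].split(".")]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3])

def find_receivers(config_xml):
    """Return (class, address, port) for every listening <receiver>."""
    found = []
    for node in ET.fromstring(config_xml).iter("receiver"):
        cls = node.get("class", "")
        if cls in LISTENING_RECEIVERS:
            # Assumed logback defaults: port 4560, bind to all interfaces.
            port = (node.findtext("port") or "4560").strip()
            address = (node.findtext("address") or "all interfaces").strip()
            found.append((cls, address, port))
    return found

def assess(config_xml, logback_version):
    """Classify a host as 'no-listener', 'listener-patched' or 'exposed'."""
    receivers = find_receivers(config_xml)
    if not receivers:
        return "no-listener", receivers
    patched = parse_version(logback_version) >= FIXED_VERSION
    return ("listener-patched" if patched else "exposed"), receivers

if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, "1.1.7"))
```

This only covers receivers declared in a configuration file; a socket server started as a standalone process would not appear in it and has to be checked separately.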