SUSE-SU-2014:0902-1: important: Security update for struts

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 15 17:10:18 MDT 2014


   SUSE Security Update: Security update for struts
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0902-1
Rating:             important
References:         #875455 
Cross-References:   CVE-2014-0114
Affected Products:
                    SUSE Manager Server
                    SUSE Manager 1.7 for SLE 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   Apache Struts was updated to fix a security issue:

       * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through
         1.3.10 allows remote attackers to "manipulate" the ClassLoader and
         execute arbitrary code via the class parameter, which is passed to
         the getClass method.

   Security Issue reference:

       * CVE-2014-0114
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server:

      zypper in -t patch sleman21-struts-9423

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-struts-9422

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-struts-9423

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager Server (noarch):

      struts-1.2.9-162.33.1

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch):

      struts-1.2.9-162.33.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch):

      struts-1.2.9-162.33.1
      struts-javadoc-1.2.9-162.33.1
      struts-manual-1.2.9-162.33.1


References:

   http://support.novell.com/security/cve/CVE-2014-0114.html
   https://bugzilla.novell.com/875455
   http://download.suse.com/patch/finder/?keywords=11dc6b57770cce35af080f561b5ae3f7
   http://download.suse.com/patch/finder/?keywords=fae66e428a1fc1171cb8d6304d55ab38



More information about the sle-security-updates mailing list