Security update for bsh2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0788-1 Final 1 1 2016-03-16T15:05:06Z current 2016-03-16T15:05:06Z 2016-03-16T15:05:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bsh2 This update for bsh2 fixes the following issues: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see https://github.com/beanshell/beanshell/releases/tag/2.0b6 for more information. This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html E-Mail link for openSUSE-SU-2016:0788-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 bsh2-2.0.0.b5-30.1 bsh2-bsf-2.0.0.b5-30.1 bsh2-classgen-2.0.0.b5-30.1 bsh2-demo-2.0.0.b5-30.1 bsh2-javadoc-2.0.0.b5-30.1 bsh2-manual-2.0.0.b5-30.1 bsh2-src-2.0.0.b5-30.1 bsh2-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-bsf-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-classgen-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-demo-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-javadoc-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-manual-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 bsh2-src-2.0.0.b5-30.1 as a component of openSUSE Leap 42.1 BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. CVE-2016-2510 openSUSE Leap 42.1:bsh2-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-bsf-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-classgen-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-demo-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-javadoc-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-manual-2.0.0.b5-30.1 openSUSE Leap 42.1:bsh2-src-2.0.0.b5-30.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html https://www.suse.com/security/cve/CVE-2016-2510.html CVE-2016-2510 https://bugzilla.suse.com/967593 SUSE Bug 967593