- Vulnerability/
- RHSA-2017:2596
RHSA-2017:2596: Important: rh-maven33-groovy security update
First published: Tue Sep 05 2017(Updated: )
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java.<br>Security Fix(es):<br><li> Multiple object deserialization flaws were discovered in the MethodClosure class in Groovy. A specially crafted serialized object deserialized by an application using the Groovy library could cause the application to execute arbitrary code. (CVE-2015-3253, CVE-2016-6814)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-maven33-groovy | <1.8.9-7.19.el7 | 1.8.9-7.19.el7 |
| redhat/rh-maven33-groovy | <1.8.9-7.19.el7 | 1.8.9-7.19.el7 |
| redhat/rh-maven33-groovy-javadoc | <1.8.9-7.19.el7 | 1.8.9-7.19.el7 |
| redhat/rh-maven33-groovy | <1.8.9-7.19.el6 | 1.8.9-7.19.el6 |
| redhat/rh-maven33-groovy | <1.8.9-7.19.el6 | 1.8.9-7.19.el6 |
| redhat/rh-maven33-groovy-javadoc | <1.8.9-7.19.el6 | 1.8.9-7.19.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2017:2596
- agent/software-canonical-lookup
- package-manager/redhat