Security update for struts
SUSE Security Update: Security update for struts
Announcement ID: SUSE-SU-2014:0902-1
Rating: important
References: #875455
Affected Products:
An update that fixes one vulnerability is now available.
Description:
Apache Struts was updated to fix a security issue:
* CVE-2014-0114: The ActionForm object in Apache Struts 1.x through
1.3.10 allows remote attackers to "manipulate" the ClassLoader and
execute arbitrary code via the class parameter, which is passed to
the getClass method.
Security Issue reference:
* CVE-2014-0114
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Server:
    zypper in -t patch sleman21-struts-9423
- SUSE Manager 1.7 for SLE 11 SP2:
    zypper in -t patch sleman17sp2-struts-9422
- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-struts-9423
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Server (noarch):
- struts-1.2.9-162.33.1
- SUSE Manager 1.7 for SLE 11 SP2 (noarch):
- struts-1.2.9-162.33.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch):
- struts-1.2.9-162.33.1
- struts-javadoc-1.2.9-162.33.1
- struts-manual-1.2.9-162.33.1
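Added example (not part of the SUSE advisory): a shell check that compares an installed struts version-release against the fixed build 1.2.9-162.33.1 from the package list above. The function names and the --check switch are assumptions of this example. The comparison uses GNU sort -V, which orders these dotted numeric strings correctly but is not a full RPM version comparison, so it is meant only for SUSE's 1.2.9 package builds.

```shell
#!/bin/sh
# Fixed version-release taken from the advisory's package list.
FIXED="1.2.9-162.33.1"

# version_ge A B: succeed when A sorts at or above B under GNU sort -V.
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# struts_status VERSION-RELEASE: print "patched" or "vulnerable".
struts_status() {
    if version_ge "$1" "$FIXED"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_installed: read the installed struts package from the RPM database.
# Returns 0 when patched or not installed, 1 when an older build is present,
# 2 when rpm itself is unavailable.
check_installed() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host"
        return 2
    fi
    if ! vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' struts 2>/dev/null); then
        echo "struts is not installed"
        return 0
    fi
    status=$(struts_status "$vr")
    echo "struts $vr: $status"
    [ "$status" = patched ]
}

# Query the local system only when asked to, e.g.: sh check_struts.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```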
References:
- http://support.novell.com/security/cve/CVE-2014-0114.html
- https://bugzilla.novell.com/875455
- http://download.suse.com/patch/finder/?keywords=11dc6b57770cce35af080f561b5ae3f7
- http://download.suse.com/patch/finder/?keywords=fae66e428a1fc1171cb8d6304d55ab38