23690 2010-06-29 07:42:37 +0400 CVE-2010-1622: Spring Framework execution of arbitrary code 2010-09-28 14:14:07 +0400 1 1 4 Development Sisyphus spring2 unstable all Linux CLOSED FIXED security P3 major --- 1 php-coder viy qa-sisyphus oldest_to_newest 110194 0 php-coder 2010-06-29 07:42:37 +0400 The Spring Framework provides a mechanism to use client provided data to update the properties of an object. This mechanism allows an attacker to modify the properties of the class loader used to load the object (via 'class.classloader'). This can lead to arbitrary command execution since, for example, an attacker can modify the URLs used by the class loader to point to locations controlled by the attacker. http://www.springsource.com/security/cve-2010-1622 112798 1 repository-robot 2010-09-28 14:14:07 +0400 spring2-0:2.5.6-alt2_6.SEC02jpp6 -> sisyphus: * Tue Sep 28 2010 Igor Vlasenko <viy@altlinux> 0:2.5.6-alt2_6.SEC02jpp6 - new bugfix release SEC02 (closes: #23690) * Tue Sep 28 2010 Igor Vlasenko <viy@altlinux> 0:2.5.6-alt2_6.SEC01jpp6 - new bugfix release SEC01