Hi, The CVE is applicable to struts2, while the version from JPackage is struts-1.3.10-12.el7.noarch. I’m assuming (hoping) that it’s actually too old to be vulnerable.
Cheers, Avi > On 9 Mar 2017, at 5:49 am, Eric <[email protected]> wrote: > > CVE-2017-5638 > > Struts. Our struts package is from the Generic Jpackage repository. The > struts rpm there has not been maintained for years. The current build > directions point at that repository, so I believe that makes ALL current > versions of Spacewalk, including 2.6, vulnerable. > > Thoughts? I believe it's applicable, but I may be mistaken, please correct > me > if I'm wrong!!! > > If it is vulnerable, is there an alternative package that is known to work > with Spacewalk? I am facing the very real possibility of being required to > take my Spacewalk server offline today, a huge impact to my environment. > > Thanks! > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list -- Oracle <http://www.oracle.com> Avi Miller | Product Management Director | +61 (3) 8616 3496 Oracle Linux and Virtualization 417 St Kilda Road, Melbourne, Victoria 3004 Australia _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
