========================================================================== Ubuntu Security Notice USN-7139-1 December 05, 2024
shiro vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Apache Shiro could be made to run programs or expose sensitive information over the network. Software Description: - shiro: Powerful and easy-to-use Java security framework Details: It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libshiro-java 1.2.4-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7139-1 CVE-2016-4437
OpenPGP_signature.asc
Description: OpenPGP digital signature
