bsh2-2.0.0.b6-2.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10420-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bsh2-2.0.0.b6-2.7 on GA media These are all security issues fixed in the bsh2-2.0.0.b6-2.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10420 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-2510/ SUSE CVE CVE-2016-2510 page openSUSE Tumbleweed bsh2-2.0.0.b6-2.7 bsh2-bsf-2.0.0.b6-2.7 bsh2-classgen-2.0.0.b6-2.7 bsh2-demo-2.0.0.b6-2.7 bsh2-javadoc-2.0.0.b6-2.7 bsh2-manual-2.0.0.b6-2.7 bsh2-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed bsh2-bsf-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed bsh2-classgen-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed bsh2-demo-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed bsh2-javadoc-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed bsh2-manual-2.0.0.b6-2.7 as a component of openSUSE Tumbleweed BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. CVE-2016-2510 openSUSE Tumbleweed:bsh2-2.0.0.b6-2.7 openSUSE Tumbleweed:bsh2-bsf-2.0.0.b6-2.7 openSUSE Tumbleweed:bsh2-classgen-2.0.0.b6-2.7 openSUSE Tumbleweed:bsh2-demo-2.0.0.b6-2.7 openSUSE Tumbleweed:bsh2-javadoc-2.0.0.b6-2.7 openSUSE Tumbleweed:bsh2-manual-2.0.0.b6-2.7 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2510.html CVE-2016-2510 https://bugzilla.suse.com/967593 SUSE Bug 967593