Mandriva Linux Security Advisory : openjpa (MDVSA-2013:246)
High Nessus Plugin ID 70325
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated openjpa packages fix security vulnerability :
The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768).
SolutionUpdate the affected openjpa, openjpa-javadoc and / or openjpa-tools packages.