1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4908-1] libhibernate3-java security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Apr 29 21:50:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4908-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    April 29, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libhibernate3-java
    CVE ID : CVE-2020-25638

    It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL
    injection vulnerability allowing an attacker to access unauthorized
    information or possibly conduct further attacks.

    For the stable distribution (buster), this problem has been fixed in
    version 3.6.10.Final-9+deb10u1.

    We recommend that you upgrade your libhibernate3-java packages.

    For the detailed security status of libhibernate3-java please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/libhibernate3-java

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCLC6pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q/tw/9ETeQM4ZhQL3Oiap4aHMmFV64o1zds6WlP6KzAQ7AtAbIzvrrof62S5uZ 4uOZnqM/douZMb6+e5Mr9THmnqNRzRf8jrSszGJ3DUQkEscnXjTJ8oYYg1rffpi5 NjWwSFHXPvHUy75yti7u4bNk8BIz0dDDfU2hg8mg5ndmGzSbQTC5LHBmOihQ2XAD A+lXtomdFOT5ndMZpF7A5tKCL7dynFLzmz+avfyg2cFaTSmN2HeJPN8Yd98oZpWy GV3Nt+i8AeJ9JEQfNvp0GfRKE2pV/qQgxiLor0q3wm57T76Vdwoc4vRo3DGOhFq0 qDRFyK3BdxnhaoQaPa5dHCp/jsut283SCLlO86rmk5gJLsVtANwnemHO8tn2a8Q0 n22z2okGbi9huGjq+EqM8hKBve4gZT5H0ilDMW+nVJeS4Qxn0zerm/st5Nc3+kEX eWze7FrwmHZQg8Qe3inQQ3vLBgfsmqB8DdL6jsHfzxw+RBfo7rDpPwe2XctVjwDU egeGU3YUnzHMNNp7IIYy+pRHJINJrJz/KwhzSqLoIpyGbJH8po5mREYcpdVmt8xT uhwfN+HzvaRCledhEqll3Tfl+Rkac2FWzDb924f6NjsDVWMnwLwYOVurCxoz+j3m QsHNBHAWQ2eznvuyb00KzvgIdsSxK/BkGodM0NjgOe5Vgg4fQ4s=
    =bAnS
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)