Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/11/08 01:41:56 UTC

svn commit: r1768618 - in /openmeetings: application/branches/3.1.x/openmeetings-server/src/site/xdoc/ application/branches/3.2.x/openmeetings-server/src/site/xdoc/ application/trunk/openmeetings-server/src/site/xdoc/ site/trunk/

Author: solomax
Date: Tue Nov  8 01:41:56 2016
New Revision: 1768618

URL: http://svn.apache.org/viewvc?rev=1768618&view=rev
Log:
no jira: CVE-2016-8736 is announced

Modified:
    openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml
    openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml
    openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml
    openmeetings/site/trunk/security.html

Modified: openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/security.xml Tue Nov  8 01:41:56 2016
@@ -39,6 +39,17 @@
 				Please NOTE: only security issues should be reported to this list.
 			</p>
 		</section>
+		<section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+			<p>Severity: Moderate</p>
+			<p>Vendor: The Apache Software Foundation</p>
+			<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+			<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+				<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+			</p>
+			<p>The issue was fixed in 3.1.2<br/>
+				All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+			<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+		</section>
 		<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
 			<p>Severity: Moderate</p>
 			<p>Vendor: The Apache Software Foundation</p>
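
Review bot: The link added under the Description line of the new CVE-2016-8736 section uses CVE-2016-3089 in both the href and the link text, which is the identifier of the XSS section that follows it. It looks carried over from that entry; change both to CVE-2016-8736 so the advisory points at its own record. The same two lines appear in the 3.2.x and trunk copies of security.xml.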

Modified: openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/security.xml Tue Nov  8 01:41:56 2016
@@ -39,6 +39,17 @@
 				Please NOTE: only security issues should be reported to this list.
 			</p>
 		</section>
+		<section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+			<p>Severity: Moderate</p>
+			<p>Vendor: The Apache Software Foundation</p>
+			<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+			<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+				<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+			</p>
+			<p>The issue was fixed in 3.1.2<br/>
+				All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+			<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+		</section>
 		<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
 			<p>Severity: Moderate</p>
 			<p>Vendor: The Apache Software Foundation</p>
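
Review bot: "Versions Affected: Apache OpenMeetings 3.1.0" does not line up with "The issue was fixed in 3.1.2" and the recommendation to upgrade to 3.1.3 a few lines below it. As written, a reader cannot tell whether 3.1.1 is affected or why the recommended version is later than the fixed one. State the affected range explicitly and add a short reason for recommending 3.1.3 over 3.1.2.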

Modified: openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml (original)
+++ openmeetings/application/trunk/openmeetings-server/src/site/xdoc/security.xml Tue Nov  8 01:41:56 2016
@@ -39,6 +39,17 @@
 				Please NOTE: only security issues should be reported to this list.
 			</p>
 		</section>
+		<section name="CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE">
+			<p>Severity: Moderate</p>
+			<p>Vendor: The Apache Software Foundation</p>
+			<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+			<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br/>
+				<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+			</p>
+			<p>The issue was fixed in 3.1.2<br/>
+				All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+			<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+		</section>
 		<section name="CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel">
 			<p>Severity: Moderate</p>
 			<p>Vendor: The Apache Software Foundation</p>
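
Review bot: "Severity: Moderate" sits under a section title that says RCE and is the same rating as the XSS entry directly below; please confirm the rating is intended for this entry and was not copied along with the rest of the template. Smaller point on the same section: the title and Description spell the product "Openmeetings" while the Versions Affected line and the neighbouring section use "OpenMeetings", so pick one spelling.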

Modified: openmeetings/site/trunk/security.html
URL: http://svn.apache.org/viewvc/openmeetings/site/trunk/security.html?rev=1768618&r1=1768617&r2=1768618&view=diff
==============================================================================
--- openmeetings/site/trunk/security.html (original)
+++ openmeetings/site/trunk/security.html Tue Nov  8 01:41:56 2016
@@ -1,6 +1,6 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-09-23 
+ | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-11-08 
  | Rendered using Apache Maven Fluido Skin 1.5
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="author" content="Apache OpenMeetings Team" />
-    <meta name="Date-Revision-yyyymmdd" content="20160923" />
+    <meta name="Date-Revision-yyyymmdd" content="20161108" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Apache OpenMeetings Project &#x2013; Security Vulnerabilities</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
@@ -42,7 +42,7 @@
       <div id="breadcrumbs">
         <ul class="breadcrumb">
               
-                  <li id="publishDate">Last Published: 2016-09-23
+                  <li id="publishDate">Last Published: 2016-11-08
                    </li>
                       
               
@@ -785,6 +785,25 @@
 		</div>
 		
 <div class="section">
+<h2><a name="CVE-2016-8736_-_Apache_Openmeetings_RMI_Registry_Java_Deserialization_RCE"></a>CVE-2016-8736 - Apache Openmeetings RMI Registry Java Deserialization RCE</h2>
+			
+<p>Severity: Moderate</p>
+			
+<p>Vendor: The Apache Software Foundation</p>
+			
+<p>Versions Affected: Apache OpenMeetings 3.1.0</p>
+			
+<p>Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack<br />
+				<a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3089">CVE-2016-3089</a>
+			</p>
+			
+<p>The issue was fixed in 3.1.2<br />
+				All users are recommended to upgrade to Apache OpenMeetings 3.1.3</p>
+			
+<p>Credit: This issue was identified by Jacob Baines, Tenable Network Security</p>
+		</div>
+		
+<div class="section">
 <h2><a name="CVE-2016-3089_-_Apache_OpenMeetings_XSS_in_SWF_panel"></a>CVE-2016-3089 - Apache OpenMeetings XSS in SWF panel</h2>
 			
 <p>Severity: Moderate</p>
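
Review bot: In the generated section for CVE-2016-8736, the externalLink anchor under the Description paragraph has CVE-2016-3089 as both href and text, so the published page links the RCE advisory to the XSS record. The header comment marks this file as Doxia Site Renderer output, so correct the link in security.xml and regenerate rather than editing this file by hand.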