[SECURITY] Fedora 23 Update: struts-1.3.10-18.fc23

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-21bd6a33af 2016-06-30 14:54:20.832965 -------------------------------------------------------------------------------- Name : struts Product : Fedora 23 Version : 1.3.10 Release : 18.fc23 URL : http://struts.apache.org/ Summary : Web application framework Description : Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists. Struts includes the following primary areas of functionality: A controller servlet that dispatches requests to appropriate Action classes provided by the application developer. JSP custom tag libraries, and associated support in the controller servlet, that assists developers in creating interactive form-based applications. Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1181, CVE-2016-1182 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343538 - CVE-2016-1181 struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory https://bugzilla.redhat.com/show_bug.cgi?id=1343538 [ 2 ] Bug #1343540 - CVE-2016-1182 struts: Improper input validation in Validator https://bugzilla.redhat.com/show_bug.cgi?id=1343540 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update struts' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------