==========================================================================
Ubuntu Security Notice USN-7139-1
December 05, 2024

shiro vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Apache Shiro could be made to run programs or expose sensitive information
over the network.

Software Description:
- shiro: Powerful and easy-to-use Java security framework

Details:

It was discovered that Apache Shiro used a static cipher within the
"Remember Me" feature inside authentication by default. An attacker could
possibly use this issue to achieve remote code execution or obtain
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libshiro-java                   1.2.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7139-1
  CVE-2016-4437