Описание
ELSA-2021-1354: xstream security update (IMPORTANT)
[1.3.1-13]
- Fix remote code execution vulnerability
- Resolves: CVE-2021-21344
- Resolves: CVE-2021-21345
- Resolves: CVE-2021-21346
- Resolves: CVE-2021-21347
- Resolves: CVE-2021-21350
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
xstream
1.3.1-13.el7_9
xstream-javadoc
1.3.1-13.el7_9
Oracle Linux x86_64
xstream
1.3.1-13.el7_9
xstream-javadoc
1.3.1-13.el7_9
Ссылки на источники
Связанные уязвимости
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.