drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in xstream
Name: |
Mehrere Probleme in xstream |
|
ID: |
RHSA-2021:1354-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mo, 26. April 2021, 20:09 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2021-21350
https://access.redhat.com/security/cve/CVE-2021-21344
https://access.redhat.com/security/cve/CVE-2021-21346
https://access.redhat.com/security/cve/CVE-2021-21345
https://access.redhat.com/security/cve/CVE-2021-21347 |
|
Applikationen: |
XStream |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: xstream security update Advisory ID: RHSA-2021:1354-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1354 Issue date: 2021-04-26 CVE Names: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21350 =====================================================================
1. Summary:
An update for xstream is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
XStream is a Java XML serialization library to serialize objects to and deserialize object from XML.
Security Fix(es):
* XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
* XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
* XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346)
* XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)
* XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: xstream-1.3.1-13.el7_9.src.rpm
noarch: xstream-1.3.1-13.el7_9.noarch.rpm xstream-javadoc-1.3.1-13.el7_9.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: xstream-1.3.1-13.el7_9.src.rpm
noarch: xstream-1.3.1-13.el7_9.noarch.rpm xstream-javadoc-1.3.1-13.el7_9.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source: xstream-1.3.1-13.el7_9.src.rpm
noarch: xstream-1.3.1-13.el7_9.noarch.rpm xstream-javadoc-1.3.1-13.el7_9.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
Source: xstream-1.3.1-13.el7_9.src.rpm
noarch: xstream-1.3.1-13.el7_9.noarch.rpm xstream-javadoc-1.3.1-13.el7_9.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-21344 https://access.redhat.com/security/cve/CVE-2021-21345 https://access.redhat.com/security/cve/CVE-2021-21346 https://access.redhat.com/security/cve/CVE-2021-21347 https://access.redhat.com/security/cve/CVE-2021-21350 https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIZUmtzjgjWX9erEAQinhg/+NACsFebALwjwqDakWHLCE9vxmDm+cfGM jwVFv04id2onWd+6xLm3jZycbTTz1r59WMjvZ0GPOw1sHrPDzojOpx45ihcmBlNi JQDgxvFbyJfNByPVBqKYa+yUcYzIYZ2e5OSmK+o59+e0k2jWJVa/5HkFdQ/vflDE 4h25iR6GBJyhFCZfLVrzGtUu+2SZS4h3ow7uywzyT1SjjlBrocUtsihMc2OnIOlZ 58P+TJGS9CmFdRdcdqS8n+xZDbZapl3fnrBe46sDomA233khmYHBRNeA5oICOj0k lyGKEHdqqboZNi7xCejVYNqACGut0jB1CUczUkyh+qhJ3uRWb2fhownF2Ywcwrvh m/fL8GGLEmqL6Ovclk1IWFXpP6bw7iB6KV/H0SWoRNFMCiTDjttY2BAZWvsafAtt SlzBigZ8JsLmbmSxrF9IUiiCuYwLmW/PB5K16KJwVw0o2GQ0S35eBlY1Mjwr4UBp lW6zdpdgJmLiuLn4/ogKR/DgK95+PXea/bN/2K2zwo+FLfUF6o9E5oNpYx6hJxwz TdcCLRYDKjMAE6+NH29Xbr0kHRBxPg3JZuEwSGkSigsoUG+J8U84e4Av0j2QAqeN IpzHif1i0OQ+q084hF36/x8xzY/8BIPEYHA5YazU79WNSw+0eMqcTv/WQpvpuk5U 0hdbrfx3P3c= =Uige -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|