Mageia 7: MGASA-2020-0077 Moderate: XMLRPC Code Execution Risk
mageia
February 9, 2020
A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC, performed deserialization of the server-side exception serialized in the faultCause attribute of XMLR...
Summary
A flaw was discovered where the XMLRPC client implementation in Apache
XMLRPC, performed deserialization of the server-side exception serialized
in the faultCause attribute of XMLRPC error response messages. A malicious
or compromised XMLRPC server could possibly use this flaw to execute
arbitrary code with the privileges of an application using the Apache XMLRPC
client library (CVE-2019-17570).
References
- https://bugs.mageia.org/show_bug.cgi?id=26090
- https://access.redhat.com/errata/RHSA-2020:0310
- https://www.cve.org/CVERecord?id=CVE-2019-17570
Topics Covered
Resolution
SRPMS
- 7/core/xmlrpc-3.1.3-73.1.mga7
PREVIOUS
NEXT
Publication date: 09 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0077.html
Type: security
CVE: CVE-2019-17570
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!