
Mageia 8: 2021-0370 Critical: XStream Remote Code Execution Risks

Distribution: Mageia
Date: July 25, 2021
The XStream packages for Mageia 8 have been updated to fix multiple security vulnerabilities.

Summary

In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream (CVE-2021-21341).
In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in a server-side request forgery (CVE-2021-21342).
In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input str...
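The common root of the issues listed above is that the unmarshalled stream itself names the classes XStream will instantiate. Updating the package closes the known gadget chains, but the mitigation the XStream project has documented for years is to stop trusting type names from the stream altogether: clear the default permissions and allow only the application's own model types. The following is an added example, not code from the advisory or from the XStream project; `com.example.orders.Order` is an assumed application class and the two XML documents are constructed samples. It uses the XStream security framework API (`addPermission`, `allowTypes`, `allowTypesByWildcard`, `ForbiddenClassException`) available in the 1.4.x line.

```java
package com.example.orders;

import java.util.Collection;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

/** Hypothetical application type that we genuinely expect to find in the stream. */
public class Order {
    public String id;
    public int quantity;

    /**
     * Weak setting: an XStream 1.4.x instance with default permissions (before 1.4.18)
     * relies on a blacklist of known-bad types, so any JDK or classpath type that is not
     * yet on that list can still be instantiated from type information in the stream.
     * Shown for contrast only; not used below.
     */
    static XStream unsafeDefault() {
        return new XStream();
    }

    /** Corrected setting: start from "deny every type", then allow only what the model needs. */
    static XStream hardened() {
        XStream xstream = new XStream();
        // NoTypePermission.NONE wipes all previously registered permissions; from here on
        // every type is forbidden unless one of the permissions added below allows it.
        xstream.addPermission(NoTypePermission.NONE);
        // null values, primitives and their wrappers, and strings are harmless building blocks.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class });
        // Only needed if the model contains collections; drop it otherwise.
        xstream.allowTypeHierarchy(Collection.class);
        // Only classes from the application's own model package may be created
        // from type names carried in the input stream.
        xstream.allowTypesByWildcard(new String[] { "com.example.orders.**" });
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardened();

        // Constructed sample: a legitimate document whose root names an allowed type.
        String good = "<com.example.orders.Order><id>A-1</id><quantity>3</quantity>"
                + "</com.example.orders.Order>";
        Order order = (Order) xstream.fromXML(good);
        System.out.println("parsed order " + order.id + " x" + order.quantity);

        // Constructed sample: the root names a JDK type that is not on the allowlist.
        // The type name is rejected by the mapper before any instance is created,
        // which is exactly the step the CVEs above abuse with default permissions.
        String unexpected = "<java.util.Date>2021-07-25 00:00:00.0 UTC</java.util.Date>";
        try {
            xstream.fromXML(unexpected);
            System.out.println("unexpected: type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected type: " + e.getMessage());
        }
    }
}
```

Apply the allowlist to every `XStream` instance that parses data from outside the process, and keep it in place even after upgrading: the Mageia package above is a patched 1.4.15 build, and only from XStream 1.4.18 onwards does the library refuse all types by default. Log `ForbiddenClassException` occurrences; a document naming a type outside the model package is a useful detection signal for tampered input.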


References

- https://bugs.mageia.org/show_bug.cgi?id=28844

- https://access.redhat.com/errata/RHSA-2021:1354

- https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html

- https://ubuntu.com/security/notices/USN-4943-1

- https://www.cve.org/CVERecord?id=CVE-2021-21341

- https://www.cve.org/CVERecord?id=CVE-2021-21342

- https://www.cve.org/CVERecord?id=CVE-2021-21343

- https://www.cve.org/CVERecord?id=CVE-2021-21344

- https://www.cve.org/CVERecord?id=CVE-2021-21345

- https://www.cve.org/CVERecord?id=CVE-2021-21346

- https://www.cve.org/CVERecord?id=CVE-2021-21347

- https://www.cve.org/CVERecord?id=CVE-2021-21348

- https://www.cve.org/CVERecord?id=CVE-2021-21349

- https://www.cve.org/CVERecord?id=CVE-2021-21350

- https://www.cve.org/CVERecord?id=CVE-2021-21351

- https://www.cve.org/CVERecord?id=CVE-2021-29505

Resolution

SRPMS

- 8/core/xstream-1.4.15-1.1.mga8

Severity: critical

Publication date: 25 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0370.html
Type: security
CVE: CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-29505
