openSUSE Leap 15.2: Security Update for xstream - Important Issues Resolved
opensuse
January 22, 2021
An update that fixes three vulnerabilities is now available
Description
This update for xstream fixes the following issues:
xstream was updated to version 1.4.15.
- CVE-2020-26217: Fixed a remote code execution due to insecure XML
deserialization when relying on blocklists (bsc#1180994).
- CVE-2020-26258: Fixed a server-side request forgery vulnerability
(bsc#1180146).
- CVE-2020-26259: Fixed an arbitrary file deletion vulnerability
(bsc#1180145).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-140=1
Package List
- openSUSE Leap 15.2 (noarch):
xstream-1.4.15-lp152.2.3.1
xstream-benchmark-1.4.15-lp152.2.3.1
xstream-javadoc-1.4.15-lp152.2.3.1
xstream-parent-1.4.15-lp152.2.3.1
References
https://www.suse.com/security/cve/CVE-2020-26217.html
https://www.suse.com/security/cve/CVE-2020-26258.html
https://www.suse.com/security/cve/CVE-2020-26259.html
https://bugzilla.suse.com/1180145
https://bugzilla.suse.com/1180146
https://bugzilla.suse.com/1180994
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:0140-1
Rating: important
Affected Products:
openSUSE Leap 15.2
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!