Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

openSUSE Leap 15.2: xstream Important Multiple Threats 2021:0832-1

opensuse
Calendar Grey September 26, 2025
Dist Opensuse Esm H88
crucial notice for openSUSE addressing various security flaws in xstream. Vital patch instructions included.
An update that fixes 11 vulnerabilities is now available.

Description

This update for xstream fixes the following issues:

- Upgrade to 1.4.16

- CVE-2021-21351: remote attacker to load and execute arbitrary code

(bsc#1184796)

- CVE-2021-21349: SSRF can lead to a remote attacker to request data fro=

m

internal resources (bsc#1184797)

- CVE-2021-21350: arbitrary code execution (bsc#1184380)

- CVE-2021-21348: remote attacker could cause denial of service by

consuming maximum CPU time (bsc#1184374)

- CVE-2021-21347: remote attacker to load and execute arbitrary code fro=

m

a remote host (bsc#1184378)

- CVE-2021-21344: remote attacker could load and execute arbitrary code

from a remote host (bsc#1184375)

- CVE-2021-21342: server-side forgery (bsc#1184379)

- CVE-2021-21341: remote attacker could cause a denial of service by

allocating 100% CPU time (bsc#1184377)

- CVE-2021-21346: remote attacker could load and execute arbitrary code

(bsc#1184373)

- CVE-2021-21345: remote attacker with...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service remote access important arbitrary code OpenSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended instal=

lation methods

like YaST online=5Fupdate or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-832=3D1

Package List

- openSUSE Leap 15.2 (noarch):

xstream-1.4.16-lp152.2.6.1

xstream-benchmark-1.4.16-lp152.2.6.1

xstream-javadoc-1.4.16-lp152.2.6.1

xstream-parent-1.4.16-lp152.2.6.1

References

https://www.suse.com/security/cve/CVE-2021-21341.html

https://www.suse.com/security/cve/CVE-2021-21342.html

https://www.suse.com/security/cve/CVE-2021-21343.html

https://www.suse.com/security/cve/CVE-2021-21344.html

https://www.suse.com/security/cve/CVE-2021-21345.html

https://www.suse.com/security/cve/CVE-2021-21346.html

https://www.suse.com/security/cve/CVE-2021-21347.html

https://www.suse.com/security/cve/CVE-2021-21348.html

https://www.suse.com/security/cve/CVE-2021-21349.html

https://www.suse.com/security/cve/CVE-2021-21350.html

https://www.suse.com/security/cve/CVE-2021-21351.html

https://bugzilla.suse.com/1184372

https://bugzilla.suse.com/1184373

https://bugzilla.suse.com/1184374

https://bugzilla.suse.com/1184375

https://bugzilla.suse.com/1184376

https://bugzilla.suse.com/1184377

https://bugzilla.suse.com/1184378

https://bugzilla.suse.com/1184379

https://bugzilla.suse.com/1184380

https://bugzilla.suse.com/1184796

https://bugzilla.suse.com/1184797

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:0832-1
Rating: important
Affected Products: openSUSE Leap 15.2 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F

Topics%20covered

Topics Covered

security advisory denial of service remote access important arbitrary code OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here