openSUSE: 2021:1401-1 important: xstream
Description
This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1401=1
Package List
- openSUSE Leap 15.2 (noarch): xstream-1.4.18-lp152.2.12.1 xstream-benchmark-1.4.18-lp152.2.12.1 xstream-javadoc-1.4.18-lp152.2.12.1 xstream-parent-1.4.18-lp152.2.12.1
References
https://www.suse.com/security/cve/CVE-2021-39139.html https://www.suse.com/security/cve/CVE-2021-39140.html https://www.suse.com/security/cve/CVE-2021-39141.html https://www.suse.com/security/cve/CVE-2021-39144.html https://www.suse.com/security/cve/CVE-2021-39145.html https://www.suse.com/security/cve/CVE-2021-39146.html https://www.suse.com/security/cve/CVE-2021-39147.html https://www.suse.com/security/cve/CVE-2021-39148.html https://www.suse.com/security/cve/CVE-2021-39149.html https://www.suse.com/security/cve/CVE-2021-39150.html https://www.suse.com/security/cve/CVE-2021-39151.html https://www.suse.com/security/cve/CVE-2021-39152.html https://www.suse.com/security/cve/CVE-2021-39153.html https://www.suse.com/security/cve/CVE-2021-39154.html https://bugzilla.suse.com/1189798