Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.3: 2021:1840-1 Important: xstream Remote Code Execution

opensuse
Calendar Grey July 11, 2021
Dist Opensuse Esm H88
The recent patch for xstream tackles a number of significant vulnerabilities in Fedora, enhancing security and reliability to protect against possible attacks.
An update that fixes 11 vulnerabilities is now available

Description

This update for xstream fixes the following issues:

- Upgrade to 1.4.16

- CVE-2021-21351: remote attacker to load and execute arbitrary code

(bsc#1184796)

- CVE-2021-21349: SSRF can lead to a remote attacker to request data from

internal resources (bsc#1184797)

- CVE-2021-21350: arbitrary code execution (bsc#1184380)

- CVE-2021-21348: remote attacker could cause denial of service by

consuming maximum CPU time (bsc#1184374)

- CVE-2021-21347: remote attacker to load and execute arbitrary code from

a remote host (bsc#1184378)

- CVE-2021-21344: remote attacker could load and execute arbitrary code

from a remote host (bsc#1184375)

- CVE-2021-21342: server-side forgery (bsc#1184379)

- CVE-2021-21341: remote attacker could cause a denial of service by

allocating 100% CPU time (bsc#1184377)

- CVE-2021-21346: remote attacker could load and execute arbitrary code

(bsc#1184373)

- CVE-2021-21345: remote attacker with...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service remote code execution patch important xstream openSUSE Leap

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1840=1

Package List

- openSUSE Leap 15.3 (noarch):

xstream-1.4.16-3.8.1

xstream-benchmark-1.4.16-3.8.1

xstream-javadoc-1.4.16-3.8.1

xstream-parent-1.4.16-3.8.1

References

https://www.suse.com/security/cve/CVE-2021-21341.html

https://www.suse.com/security/cve/CVE-2021-21342.html

https://www.suse.com/security/cve/CVE-2021-21343.html

https://www.suse.com/security/cve/CVE-2021-21344.html

https://www.suse.com/security/cve/CVE-2021-21345.html

https://www.suse.com/security/cve/CVE-2021-21346.html

https://www.suse.com/security/cve/CVE-2021-21347.html

https://www.suse.com/security/cve/CVE-2021-21348.html

https://www.suse.com/security/cve/CVE-2021-21349.html

https://www.suse.com/security/cve/CVE-2021-21350.html

https://www.suse.com/security/cve/CVE-2021-21351.html

https://bugzilla.suse.com/1184372

https://bugzilla.suse.com/1184373

https://bugzilla.suse.com/1184374

https://bugzilla.suse.com/1184375

https://bugzilla.suse.com/1184376

https://bugzilla.suse.com/1184377

https://bugzilla.suse.com/1184378

https://bugzilla.suse.com/1184379

https://bugzilla.suse.com/1184380

https://bugzilla.suse.com/1184796

https://bugzilla.suse.com/1184797

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1840-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Topics%20covered

Topics Covered

security advisory denial of service remote code execution patch important xstream openSUSE Leap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here