Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 20.04 & 18.04 LTS USN-4714-1 Moderate: XStream Security Issues

ubuntu
Calendar Grey January 28, 2021
Dist Ubuntu Esm H88
Multiple security weaknesses in libxstream-java have been addressed through recent Ubuntu updates. Make certain your system is safeguarded and current.
Several security issues were fixed in libxstream-java.

Summary

Several security issues were fixed in libxstream-java.

Software Description:

- libxstream-java: Java library to serialize objects to XML and back again

Details:

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code

execution. A remote attacker could run arbitrary shell commands by

manipulating the processed input stream. (CVE-2020-26217)

It was discovered that XStream was vulnerable to server-side forgery attacks.

A remote attacker could request data from internal resources that are not

publicly available only by manipulating the processed input stream.

(CVE-2020-26258)

It was discovered that XStream was vulnerable to arbitrary file deletion on

the local host. A remote attacker could use this to delete arbitrary known

files on the host as long as the executing process had sufficient rights only

by manipulating the processed input stream. (CVE-2020-26259)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libxstream-java                 1.4.11.1-1ubuntu0.1

Ubuntu 18.04 LTS:
  libxstream-java                 1.4.11.1-1~18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4714-1

CVE-2020-26217, CVE-2020-26258, CVE-2020-26259

Severity
important
Lowest
Low
Medium
High
Critical

January 28, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.