
Ubuntu 21.04: 4943-1 Severe: libxstream-java Remote Code Risks

May 11, 2021
Ubuntu has released updates that address numerous security issues in the libxstream-java library, several of them rated critical.

Summary

Several security issues were fixed in the XStream library.

Software Description:

- libxstream-java: Java library to serialize objects to XML and back again

Details:

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26217)

It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26258)

It was discovered that XStream was vulnerable to arbitrary file deletion on the local host. A remote attacker could use this to delete arbitrary known files on the host as long as the executing process had sufficient rights only by manipulating the processed input stream. This issue only affected Ubuntu 20....


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libxstream-java                 1.4.15-1ubuntu0.1

Ubuntu 20.10:
  libxstream-java                 1.4.11.1-2ubuntu0.1

Ubuntu 20.04 LTS:
  libxstream-java                 1.4.11.1-1ubuntu0.2

Ubuntu 18.04 LTS:
  libxstream-java                 1.4.11.1-1~18.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4943-1

CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341,
CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345,
CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349,
CVE-2021-21350, CVE-2021-21351

Severity
critical

