Several security issues were fixed in XStream.
Software Description:
- libxstream-java: Java library to serialize objects to XML and back again
Details:
It was discovered that XStream incorrectly handled parsing of certain
crafted XML documents containing external entity references (XXE). A remote
attacker could possibly use this issue to read arbitrary files. (CVE-2016-3674)
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code
execution. A remote attacker could run arbitrary shell commands by
manipulating the processed input stream. (CVE-2020-26217)
It was discovered that XStream was vulnerable to server-side request
forgery (SSRF) attacks. A remote attacker could request data from internal
resources that are not publicly available simply by manipulating the
processed input stream. (CVE-2020-26258)
It was discovered that XStream was vulnerable to arbitrary file deletion
on the local host. A remote attacker could use this to delete arbitrary
known files on the host as long as the executing pro...
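The remote code execution, SSRF and file-deletion issues above share one root cause: XStream unmarshals whatever type the input stream names, so an attacker who controls the stream can pick a type whose constructor or converter has a harmful side effect. Besides installing the updated package, XStream's documented mitigation is to replace the permissive default security framework with an explicit allow-list of the types the application actually expects; the addPermission, allowTypes and allowTypeHierarchy calls used here exist since XStream 1.4.7, so they apply to both packaged versions. The code below is an added example of that configuration, not code from this advisory or from the XStream project; the Order class, the "order" alias and the two XML documents are constructed for illustration. Note that an allow-list does not address the XXE issue (CVE-2016-3674), which lives in the XML parser drivers rather than in type resolution and is covered by the package update itself.

```java
import java.util.Collection;
import java.util.List;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class HardenedXStream {

    // Hypothetical application type that the service legitimately accepts.
    public static class Order {
        public String id;
        public int quantity;
        public List<String> tags;
    }

    // Build an XStream instance that only unmarshals an explicit allow-list.
    public static XStream hardened() {
        XStream xstream = new XStream();
        // Drop every default permission first: XStream 1.4.x accepts any
        // type unless told otherwise, which is what the advisory's RCE,
        // SSRF and file-deletion issues rely on.
        xstream.addPermission(NoTypePermission.NONE);
        // Re-enable only the minimum: null, primitives and their wrappers.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // String is not covered by the primitive permission, so allow it
        // explicitly together with the application's own type. Prefer
        // explicit classes (or a wildcard limited to your own package)
        // over anything broader.
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // Collections are needed for the List field; a type hierarchy
        // permission covers the ArrayList XStream creates for it.
        xstream.allowTypeHierarchy(Collection.class);
        xstream.alias("order", Order.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardened();

        // Constructed benign document: every type it names is allowed.
        String benign = "<order><id>A-17</id><quantity>3</quantity>"
                + "<tags><string>rush</string></tags></order>";
        Order order = (Order) xstream.fromXML(benign);
        System.out.println("accepted: " + order.id + " x" + order.quantity
                + " tags=" + order.tags);

        // Constructed document naming a type the service never expects.
        // With the default permissions XStream would happily instantiate
        // it; with the allow-list above it is rejected while the element
        // name is resolved, before any constructor or converter runs.
        String unexpected = "<java.io.File><path>/etc/hostname</path></java.io.File>";
        try {
            xstream.fromXML(unexpected);
            System.out.println("BUG: unexpected type was unmarshalled");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run it with libxstream-java on the class path (for example java -cp /usr/share/java/xstream.jar:. HardenedXStream). The important property is that rejection happens in the mapper's type resolution, so no code from the disallowed class executes; treat ForbiddenClassException as a security event worth logging rather than as a routine parse error.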
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libxstream-java 1.4.8-1ubuntu0.1+esm3
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libxstream-java 1.4.7-1ubuntu0.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6978-1
CVE-2016-3674, CVE-2020-26217, CVE-2020-26258, CVE-2020-26259,
CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344,
CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348,
CVE-2021-21349, CVE-2021-21350, CVE-2021-21351