--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1d0635bd71
2020-04-06 00:15:14.746061
--------------------------------------------------------------------------------

Name        : xmlrpc
Product     : Fedora 32
Version     : 3.1.3
Release     : 24.fc32
URL         : https://ws.apache.org/xmlrpc/
Summary     : Java XML-RPC implementation
Description :
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

--------------------------------------------------------------------------------
Update Information:

Update to latest release of PyDev and fix dependency errors
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1736737 - swt-chart: FTBFS in Fedora rawhide/f31
        https://bugzilla.redhat.com/show_bug.cgi?id=1736737
  [ 2 ] Bug #1791766 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1791766
  [ 3 ] Bug #1793870 - Broken dependency on xmlrpc package from eclipse-pydev
        https://bugzilla.redhat.com/show_bug.cgi?id=1793870
  [ 4 ] Bug #1799307 - eclipse-pydev: FTBFS in Fedora rawhide/f32
        https://bugzilla.redhat.com/show_bug.cgi?id=1799307
  [ 5 ] Bug #1807580 - eclipse-pydev requires Python 2 to build
        https://bugzilla.redhat.com/show_bug.cgi?id=1807580
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1d0635bd71' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

MGASA-2020-0077 - Updated xmlrpc packages fix security vulnerability

Publication date: 09 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0077.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-17570

A flaw was discovered where the XMLRPC client implementation in Apache XMLRPC performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library (CVE-2019-17570).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26090
- https://access.redhat.com/errata/RHSA-2020:0310
- https://www.cve.org/CVERecord?id=CVE-2019-17570

SRPMS:
- 7/core/xmlrpc-3.1.3-73.1.mga7

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-java-common-xmlrpc security update
Advisory ID:       RHSA-2020:0310-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0310
Issue date:        2020-01-30
CVE Names:         CVE-2019-17570
====================================================================

1. Summary:

An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el6.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el6.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el6.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-java-common-xmlrpc-3.1.3-8.17.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.17.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.17.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-17570
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

MGASA-2019-0002 - Updated xmlrpc packages fix security vulnerabilities

Publication date: 05 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0002.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2016-5002, CVE-2016-5003

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002).

A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when the enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element (CVE-2016-5003).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23105
- https://lists.fedoraproject.org/archives/list/

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xmlrpc security update
Advisory ID:       RHSA-2018:2317-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2317
Issue date:        2018-07-31
CVE Names:         CVE-2016-5003
====================================================================

1. Summary:

An update for xmlrpc is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Tools for RHV Engine - noarch

3. Description:

XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server using the HTTP protocol, and gets back the response as XML.

The following packages have been upgraded to a later upstream version: xmlrpc (3.1.3). (BZ#1594618)

Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through tag

6. Package List:

Tools for RHV Engine:

Source:
xmlrpc-3.1.3-9.el7_5.src.rpm

noarch:
xmlrpc-client-3.1.3-9.el7_5.noarch.rpm
xmlrpc-common-3.1.3-9.el7_5.noarch.rpm
xmlrpc-javadoc-3.1.3-9.el7_5.noarch.rpm
xmlrpc-server-3.1.3-9.el7_5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5003
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
--
RHSA-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-java-common-xmlrpc security update
Advisory ID:       RHSA-2018:1784-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1784
Issue date:        2018-06-04
CVE Names:         CVE-2016-5003
====================================================================

1. Summary:

An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through tag

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm

noarch:
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-5003
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
--
RHSA-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-6e6f1003d6
2018-06-02 21:04:47.030032
--------------------------------------------------------------------------------

Name        : xmlrpc
Product     : Fedora 27
Version     : 3.1.3
Release     : 20.fc27
URL         : https://ws.apache.org/xmlrpc/
Summary     : Java XML-RPC implementation
Description :
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-5003, CVE-2016-5002
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 18 2018 Michael Simacek - 1:3.1.3-20
- Disallow deserialization of tags by default
- Resolves CVE-2016-5003
- Disallow loading of external DTD
- Resolves CVE-2016-5002
* Fri Feb 9 2018 Fedora Release Engineering - 1:3.1.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1508123
  [ 2 ] Bug #1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
        https://bugzilla.redhat.com/show_bug.cgi?id=1508110
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-6e6f1003d6' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

CentOS Errata and Security Advisory 2018:1780 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:1780

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
2bad0902c6d8582ef5bb5758c6860951f34cb646b69eda066162ed5cb83aa500  xmlrpc-client-3.1.3-9.el7_5.noarch.rpm
a47c496fc4e85d23172c9fb69e236caecfd9aa8e813ff15eeab908309b203a4f  xmlrpc-common-3.1.3-9.el7_5.noarch.rpm
4b0992a8b0e3c18327635bfe9a1a6f4e946eeb8c9db62aacaf16e728ae061390  xmlrpc-javadoc-3.1.3-9.el7_5.noarch.rpm
ac336edfd9e783d9a98e89d517a049e98e6bacfbc4a6564d44c1778aa6b27b69  xmlrpc-server-3.1.3-9.el7_5.noarch.rpm

Source:
6e330c0f41b9a2eb2b51a7de6242c122be29713ee6e9356fe739dbc52225ea84  xmlrpc-3.1.3-9.el7_5.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #