Oval Definition:oval:com.redhat.rhsa:def:20213956
Revision Date:2021-10-25Version:635
Title:RHSA-2021:3956: xstream security update (Important)
Description:XStream is a Java XML serialization library to serialize objects to and deserialize object from XML.

Security Fix(es):

  • xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.
  • (CVE-2021-39141)

  • xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.
  • (CVE-2021-39144)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)

  • xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.
  • (CVE-2021-39149)

  • xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.
  • (CVE-2021-39150)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)

  • xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)

  • xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)

  • xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)

  • xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2021-39139
    CVE-2021-39140
    CVE-2021-39141
    CVE-2021-39144
    CVE-2021-39145
    CVE-2021-39146
    CVE-2021-39147
    CVE-2021-39148
    CVE-2021-39149
    CVE-2021-39150
    CVE-2021-39151
    CVE-2021-39152
    CVE-2021-39153
    CVE-2021-39154
    RHSA-2021:3956
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • xstream is earlier than 0:1.3.1-16.el7_9
  • AND xstream is signed with Red Hat redhatrelease2 key
  • xstream-javadoc is earlier than 0:1.3.1-16.el7_9
  • AND xstream-javadoc is signed with Red Hat redhatrelease2 key
    • BACK