| Revision Date: | 2021-01-20 | Version: | 1 |
| Title: | (Important) |
| Description: |
This update for xstream fixes the following issues:
xstream was updated to version 1.4.15.
- CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1162766
1162775
1162776
1162781
1162782
1162784
1180145
1180146
1180994
CVE-2019-15613
CVE-2019-15621
CVE-2019-15623
CVE-2019-15624
CVE-2020-26217
CVE-2020-26258
CVE-2020-26259
CVE-2020-8118
CVE-2020-8119
openSUSE-SU-2020:0229-1
|
| Platform(s): | Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
| Product(s): | |
| Definition Synopsis |
| SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed AND nextcloud-15.0.14-bp151.3.6.1 is installed
|
| Definition Synopsis |
| Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
AND xstream-1.4.15-3.3.2 is installed
|