| Revision Date: | 2021-01-20 | Version: | 1 |
| Title: | Security update for xstream (Important) |
| Description: |
This update for xstream fixes the following issues:
xstream was updated to version 1.4.15.
- CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1159342
1177408
1180145
1180146
1180994
CVE-2019-16779
CVE-2020-15967
CVE-2020-15968
CVE-2020-15969
CVE-2020-15970
CVE-2020-15971
CVE-2020-15972
CVE-2020-15973
CVE-2020-15974
CVE-2020-15975
CVE-2020-15976
CVE-2020-15977
CVE-2020-15978
CVE-2020-15979
CVE-2020-15980
CVE-2020-15981
CVE-2020-15982
CVE-2020-15983
CVE-2020-15984
CVE-2020-15985
CVE-2020-15986
CVE-2020-15987
CVE-2020-15988
CVE-2020-15989
CVE-2020-15990
CVE-2020-15991
CVE-2020-15992
CVE-2020-26217
CVE-2020-26258
CVE-2020-26259
CVE-2020-6557
openSUSE-SU-2020:0036-1
openSUSE-SU-2020:1705-1
SUSE-SU-2021:0176-1
|
| Platform(s): | openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 15.1 is installed AND Package Information
chromedriver-86.0.4240.75-lp152.2.39 is installed
OR chromium-86.0.4240.75-lp152.2.39 is installed
OR gn-0.1807-lp152.2.3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
AND xstream-1.4.15-3.3.2 is installed
|