Oval Definition:oval:org.opensuse.security:def:74708
Revision Date:2021-06-02
Version:1
Title:Security update for xstream (Important)
Description:

This update for xstream fixes the following issues:

- Upgrade to 1.4.16
  - CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)
  - CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)
  - CVE-2021-21350: arbitrary code execution (bsc#1184380)
  - CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)
  - CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)
  - CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)
  - CVE-2021-21342: server-side forgery (bsc#1184379)
  - CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)
  - CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)
  - CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)
  - CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)
Family:unix
Class:patch
Status:
Reference(s):1027519
1134506
1155200
1157490
1160932
1165206
1167007
1167152
1168140
1168142
1168143
1169392
1174157
1177943
1184372
1184373
1184374
1184375
1184376
1184377
1184378
1184379
1184380
1184796
1184797
CVE-2020-11739
CVE-2020-11740
CVE-2020-11741
CVE-2020-11742
CVE-2020-11743
CVE-2020-14556
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-14779
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
CVE-2021-21341
CVE-2021-21342
CVE-2021-21343
CVE-2021-21344
CVE-2021-21345
CVE-2021-21346
CVE-2021-21347
CVE-2021-21348
CVE-2021-21349
CVE-2021-21350
CVE-2021-21351
openSUSE-SU-2020:0599-1
SUSE-SU-2021:1840-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-accessibility-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-javadoc-1.8.0.272-lp151.2.15 is installed
  • OR java-1_8_0-openjdk-src-1.8.0.272-lp151.2.15 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
  • AND xstream-1.4.16-3.8.1 is installed