openSUSE: 2021:3476-1 important: xstream
Description
This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798)
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3476=1
Package List
- openSUSE Leap 15.3 (noarch): xstream-1.4.18-3.14.1 xstream-benchmark-1.4.18-3.14.1 xstream-javadoc-1.4.18-3.14.1 xstream-parent-1.4.18-3.14.1
References
https://www.suse.com/security/cve/CVE-2021-39139.html https://www.suse.com/security/cve/CVE-2021-39140.html https://www.suse.com/security/cve/CVE-2021-39141.html https://www.suse.com/security/cve/CVE-2021-39144.html https://www.suse.com/security/cve/CVE-2021-39145.html https://www.suse.com/security/cve/CVE-2021-39146.html https://www.suse.com/security/cve/CVE-2021-39147.html https://www.suse.com/security/cve/CVE-2021-39148.html https://www.suse.com/security/cve/CVE-2021-39149.html https://www.suse.com/security/cve/CVE-2021-39150.html https://www.suse.com/security/cve/CVE-2021-39151.html https://www.suse.com/security/cve/CVE-2021-39152.html https://www.suse.com/security/cve/CVE-2021-39153.html https://www.suse.com/security/cve/CVE-2021-39154.html https://bugzilla.suse.com/1189798