openSUSE: 2021:0832-1 important: xstream
Description
This update for xstream fixes the following issues:

- Upgrade to 1.4.16
- CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)
- CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)
- CVE-2021-21350: arbitrary code execution (bsc#1184380)
- CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)
- CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)
- CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)
- CVE-2021-21342: server-side forgery (bsc#1184379)
- CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)
- CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)
- CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)
- CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)

This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch
Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-832=1
Package List
- openSUSE Leap 15.2 (noarch):

    xstream-1.4.16-lp152.2.6.1
    xstream-benchmark-1.4.16-lp152.2.6.1
    xstream-javadoc-1.4.16-lp152.2.6.1
    xstream-parent-1.4.16-lp152.2.6.1
References
https://www.suse.com/security/cve/CVE-2021-21341.html
https://www.suse.com/security/cve/CVE-2021-21342.html
https://www.suse.com/security/cve/CVE-2021-21343.html
https://www.suse.com/security/cve/CVE-2021-21344.html
https://www.suse.com/security/cve/CVE-2021-21345.html
https://www.suse.com/security/cve/CVE-2021-21346.html
https://www.suse.com/security/cve/CVE-2021-21347.html
https://www.suse.com/security/cve/CVE-2021-21348.html
https://www.suse.com/security/cve/CVE-2021-21349.html
https://www.suse.com/security/cve/CVE-2021-21350.html
https://www.suse.com/security/cve/CVE-2021-21351.html
https://bugzilla.suse.com/1184372
https://bugzilla.suse.com/1184373
https://bugzilla.suse.com/1184374
https://bugzilla.suse.com/1184375
https://bugzilla.suse.com/1184376
https://bugzilla.suse.com/1184377
https://bugzilla.suse.com/1184378
https://bugzilla.suse.com/1184379
https://bugzilla.suse.com/1184380
https://bugzilla.suse.com/1184796
https://bugzilla.suse.com/1184797