xmlrpc-3.1.3-9.el7

エラータID: AXSA:2018-3132:01

Release date: 
Tuesday, June 5, 2018 - 12:19
Subject: 
xmlrpc-3.1.3-9.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2016-5003
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element.

Solution: 

Update packages.

CVEs: 
CVE-2016-5003
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element.
Additional Info: 

N/A

Download: 

SRPMS
  1. xmlrpc-3.1.3-9.el7.src.rpm
    MD5: 464cef92849beea480c49a24d2c8a8a0
    SHA-256: 8dbab4dafb7f5f749482f4b6f720c564130d6f7bb3217569ad7f469114b6e138
    Size: 140.60 kB

Asianux Server 7 for x86_64
  1. xmlrpc-client-3.1.3-9.el7.noarch.rpm
    MD5: 8ea61ff24f965ea3d1af79954734673e
    SHA-256: 1bc737c193a1b7ceb297bece739f5116b005e5fdbe8471181ccea8a298782023
    Size: 55.73 kB
  2. xmlrpc-common-3.1.3-9.el7.noarch.rpm
    MD5: b28351bab69c2691fc63293571be216d
    SHA-256: 0415ef4d25f7b6eacd199d6ed39ce4a4c2342e435bc2d0e33b931bb0d36372ee
    Size: 104.49 kB
  3. xmlrpc-javadoc-3.1.3-9.el7.noarch.rpm
    MD5: ade6fae50edbedd4f6b379d84784fc25
    SHA-256: 9cbce2366550a3aebca1625f874a4b19d4963c92864bdffcf98e41df7ecb422b
    Size: 266.50 kB
  4. xmlrpc-server-3.1.3-9.el7.noarch.rpm
    MD5: 5c8f353267b163cb0665d94649970bd5
    SHA-256: b1dab366c7fc82a7eab310e8654e5810cb2ef72352af488c77a72b0b49cd3212
    Size: 76.26 kB