xstream-1.3.1-12.el7
エラータID: AXSA:2021-1252:01
リリース日:
2021/01/18 Monday - 20:49
題名:
xstream-1.3.1-12.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- XStream には、リモートの攻撃者が処理された入力ストリームを操作して
任意のシェルコマンドを実行することが可能な脆弱性があります。(CVE-2020-26217)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
追加情報:
N/A
ダウンロード:
SRPMS
- xstream-1.3.1-12.el7.src.rpm
MD5: 914088bf5eb10d7e232ff61e82875b23
SHA-256: a428e30e169c2134523d6748421858d70a2e9a0603d49baafaf734ba2ec128a5
Size: 7.04 MB
Asianux Server 7 for x86_64
- xstream-1.3.1-12.el7.noarch.rpm
MD5: 07842217579325b090076120fd541395
SHA-256: e21865cfdd7002240b3f0bacbef1f9f7bf37cd74251cc2249c8a75042c5a615e
Size: 374.11 kB
English