Overview

File _patchinfo of Package patchinfo.16427

<patchinfo incident="16427">
  <issue tracker="bnc" id="1184380">VUL-0: CVE-2021-21350: xstream: arbitrary code execution</issue>
  <issue tracker="bnc" id="1184372">VUL-0: CVE-2021-21345: xstream:  remote attacker with sufficient rights could execute commands</issue>
  <issue tracker="bnc" id="1184375">VUL-0: CVE-2021-21344: xstream: remote attacker could load and execute arbitrary code from a remote host</issue>
  <issue tracker="bnc" id="1184378">VUL-0: CVE-2021-21347: xstream: remote attacker to load and execute arbitrary code from a remote host</issue>
  <issue tracker="bnc" id="1184376">VUL-0: CVE-2021-21343: xstream: replace or inject objects, that result in the deletion of files on the local host</issue>
  <issue tracker="bnc" id="1184373">VUL-0: CVE-2021-21346: xstream: remote attacker could load and execute arbitrary code</issue>
  <issue tracker="bnc" id="1184379">VUL-0: CVE-2021-21342: xstream: server-side forgery</issue>
  <issue tracker="bnc" id="1184377">VUL-0: CVE-2021-21341: xstream: remote attacker could cause a denial of service by allocating 100% CPU time</issue>
  <issue tracker="bnc" id="1184797">VUL-0: CVE-2021-21349: xstream: SSRF can lead to a remote attacker to request data from internal resources</issue>
  <issue tracker="bnc" id="1184374">VUL-0: CVE-2021-21348: xstream: remote attacker could cause denial of service by consuming maximum CPU time</issue>
  <issue tracker="bnc" id="1184796">VUL-0: CVE-2021-21351: xstream: remote attacker to load and execute arbitrary code</issue>
  <issue tracker="cve" id="2021-21344"/>
  <issue tracker="cve" id="2021-21348"/>
  <issue tracker="cve" id="2021-21341"/>
  <issue tracker="cve" id="2021-21343"/>
  <issue tracker="cve" id="2021-21342"/>
  <issue tracker="cve" id="2021-21351"/>
  <issue tracker="cve" id="2021-21350"/>
  <issue tracker="cve" id="2021-21347"/>
  <issue tracker="cve" id="2021-21349"/>
  <issue tracker="cve" id="2021-21346"/>
  <issue tracker="cve" id="2021-21345"/>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xstream</summary>
  <description>This update for xstream fixes the following issues:

- Upgrade to 1.4.16
- CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)
- CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)
- CVE-2021-21350: arbitrary code execution (bsc#1184380)
- CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)
- CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)
- CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)
- CVE-2021-21342: server-side forgery (bsc#1184379)
- CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)
- CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)
- CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)
- CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)

This update was imported from the SUSE:SLE-15-SP2:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places