Fedora Update for xstream FEDORA-2014-2372. XStream is a simple library to serialize objects to XML and back again. Supports circular references. Speed and low memory footprint are crucial. Detailed diagnostics are provided to help isolate and fix the problem
Reporter | Title | Published | Views | Family All 77 |
---|---|---|---|---|
Packet Storm | OpenMRS Reporting Module 0.9.7 Remote Code Execution | 6 Jan 201600:00 | – | packetstorm |
OpenVAS | Mageia: Security Advisory (MGASA-2014-0100) | 28 Jan 202200:00 | – | openvas |
OpenVAS | Fedora Update for xstream FEDORA-2014-2340 | 25 Feb 201400:00 | – | openvas |
OpenVAS | Fedora Update for xstream FEDORA-2014-2372 | 25 Feb 201400:00 | – | openvas |
OpenVAS | JFrog Artifactory < 3.1.1.1 XStream RCE Vulnerability | 13 Mar 201400:00 | – | openvas |
OpenVAS | Fedora Update for xstream FEDORA-2014-2340 | 25 Feb 201400:00 | – | openvas |
OpenVAS | Jenkins Multiple Vulnerabilities (Feb 2014) - Linux | 5 Aug 201600:00 | – | openvas |
OpenVAS | Jenkins Multiple Vulnerabilities (Feb 2014) - Windows | 21 Dec 201500:00 | – | openvas |
Tenable Nessus | Fedora 19 : xstream-1.3.1-5.1.fc19 (2014-2340) | 23 Feb 201400:00 | – | nessus |
Tenable Nessus | RHEL 6 : jasperreports-server-pro (RHSA-2014:0389) | 8 Nov 201400:00 | – | nessus |
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for xstream FEDORA-2014-2372
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
script_id(867544);
script_version("$Revision: 6629 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2014-02-25 16:33:30 +0530 (Tue, 25 Feb 2014)");
script_cve_id("CVE-2013-7285");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Fedora Update for xstream FEDORA-2014-2372");
tag_insight = "XStream is a simple library to serialize objects to XML
and back again. A high level facade is supplied that
simplifies common use cases. Custom objects can be serialized
without need for specifying mappings. Speed and low memory
footprint are a crucial part of the design, making it suitable
for large object graphs or systems with high message throughput.
No information is duplicated that can be obtained via reflection.
This results in XML that is easier to read for humans and more
compact than native Java serialization. XStream serializes internal
fields, including private and final. Supports non-public and inner
classes. Classes are not required to have default constructor.
Duplicate references encountered in the object-model will be
maintained. Supports circular references. By implementing an
interface, XStream can serialize directly to/from any tree
structure (not just XML). Strategies can be registered allowing
customization of how particular types are represented as XML.
When an exception occurs due to malformed XML, detailed diagnostics
are provided to help isolate and fix the problem.
";
tag_affected = "xstream on Fedora 20";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "FEDORA", value: "2014-2372");
script_xref(name: "URL" , value: "https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128807.html");
script_summary("Check for the Version of xstream");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC20")
{
if ((res = isrpmvuln(pkg:"xstream", rpm:"xstream~1.3.1~9.fc20", rls:"FC20")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo