[SECURITY] [DSA 5004-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...

Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for xstream (openSUSE-SU-2021:1840-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.11.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

openSUSE: Security Advisory for xstream (openSUSE-SU-2021:0832-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Critical: Red Hat Security Advisory: Red Hat Data Grid 8.2.0 security update

A security update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

Ubuntu: Security Advisory (USN-4943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-21349

XStream (Java) before 1.4.16 is vulnerable to an input-stream manipulation flaw (CVE-2021-21349) that may allow a remote attacker to access data from internal resources not publicly available. The issue arises from processing the input stream during deserialization. A fix is available in XStream ...

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the...