Debian Security Advisory 4828-1

Debian Security Advisory 4828-1: Posted Jan 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4828-1 - Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.; tags | advisory, java; systems | linux, debian; advisories | CVE-2020-26258, CVE-2020-26259; SHA-256 | 23076c5eeea51b7e0850ffd341eb9d56280a3057689e9fd411b78f5822b86f73; Download | Favorite | View

Debian Security Advisory 4828-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4828-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 07, 2021                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxstream-java
CVE ID         : CVE-2020-26258 CVE-2020-26259

Liaogui Zhong discovered two security issues in XStream, a Java library
to serialise objects to XML and back again, which could result in the
deletion of files or server-side request forgery when unmarshalling.

For the stable distribution (buster), these problems have been fixed in
version 1.4.11.1-1+deb10u2.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/3jg8ACgkQEMKTtsN8
TjZN1hAAoPTdyb5k7BMDfnFR3wIbVTmZcf5kRfugqHP6zUJn03U8kV5tDdqPTdxr
wORJP/MMAldelD57PVfmrSjV/x8Q1znGVZEvAr9VO6B7Kuo4s9J+A+ecK0/rjxoK
tNnFIaxb69ToznGzjGPNHzE6VLjkwS7pRFqxktrk7P+WIz7OBYdJNkSNiF5uLPJM
wmqJVr99DWZAQ0dlYDAvXe8+fYmOP0qfD+bpuW+OyNjTU2CfCL2I+hzc+TzpSZXp
j6CMvh6+EfmiGg4AYf0eZXrJN9HX4FTEfj7lshglCdChpjNOWhutU/9DuUS8qPWa
QmIEeg0sa3ecx4mMaGN7oiVdnSkxDyv0pg84NoBhoysR0X2LFu4oPg2U5ViGrnLp
lIJWcTcHOl5rJBOCskJMqwn6ubip5K6NXsb/czfDSY2F0R3N8mwpGo+QU0PVji57
qXCJpLjBipTYXLKH/Vg0QXraUhCE9bUP2He1JfAa3PBLB8nMpa07KATk+uBF0/3m
AMUlLGTNlAlY9l3yr5PDWz/ehllruYvGwwkdl9WM/Q+dWEs8/tB76JaQDeYNOAlL
neoexJuk6rsGIkPxPVPjYtTEQ86wWrYKPtLTP+RhsAh3wwoTmZtXpTyfNleEm66G
tHAXITEL9DpVVA35Lqcix+FTQ/n1oqmROWRDYxH6Jj7vs2p3ixw=
=iebc
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Debian Security Advisory 4828-1

Debian Security Advisory 4828-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4828-1

Share This

Debian Security Advisory 4828-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems