UbuntuUpdates.org

Package "libxstream-java"

Name: libxstream-java

Description:

Java library to serialize objects to XML and back again

Latest version: 1.4.15-1ubuntu0.1
Release: hirsute (21.04)
Level: security
Repository: universe
Homepage: https://x-stream.github.io

Links


Download "libxstream-java"


Other versions of "libxstream-java" in Hirsute

Repository Area Version
base universe 1.4.15-1
updates universe 1.4.15-1ubuntu0.1

Changelog

Version: 1.4.15-1ubuntu0.1 2021-05-11 11:08:53 UTC

  libxstream-java (1.4.15-1ubuntu0.1) hirsute-security; urgency=medium

  * Merge from Debian
  * SECURITY UPDATE: Arbitrary code execution.
    - debian/patches/CVE-2021-21341-to-CVE-2021-21351.patch: The type
    hierarchies for java.io.InputStream, java.nio.channels.Channel,
    javax.activation.DataSource and javax.sql.rowsel.BaseRowSet are now
    blacklisted as well as the individual types
    com.sun.corba.se.impl.activation.ServerTableEntry,
    com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator,
    sun.awt.datatransfer.DataTransferer$IndexOrderComparator, and
    sun.swing.SwingLazyValue. Additionally the internal type
    Accessor$GetterSetterReflection of JAXB, the internal types
    MethodGetter$PrivilegedGetter and ServiceFinder$ServiceNameIterator of
    JAX-WS, all inner classes of javafx.collections.ObservableList and an
    internal ClassLoader used in a private BCEL copy are now part of the
    default blacklist and the deserialization of XML containing one of the two
    types will fail. You will have to enable these types by explicit
    configuration, if you need them.
    - CVE-2021-21341
    - CVE-2021-21342
    - CVE-2021-21343
    - CVE-2021-21344
    - CVE-2021-21345
    - CVE-2021-21346
    - CVE-2021-21347
    - CVE-2021-21348
    - CVE-2021-21349
    - CVE-2021-21350
    - CVE-2021-21351

 -- Eduardo Barretto <email address hidden> Mon, 10 May 2021 15:43:39 +0200

CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remo
CVE-2021-21351 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote a
CVE-2021-21342 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed
CVE-2021-21343 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed
CVE-2021-21344 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21345 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21346 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21347 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21348 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21349 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re
CVE-2021-21350 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a re



About   -   Send Feedback to @ubuntu_updates