An update that fixes 14 vulnerabilities is now available.
Description:
This update for xstream fixes the following issues:
- Upgrade to 1.4.18
- CVE-2021-39139: Fixed an issue that allowed an attacker to execute
arbitrary code execution by manipulating the processed input stream with
type information. (bsc#1189798)
- CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS
attack by manipulating the processed input stream. (bsc#1189798)
- CVE-2021-39141: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39144: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39145: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39146: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39147: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39148: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39149: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39150: Fixed an issue that allowed an attacker to access
protected resources hosted within the intranet or in the host itself.
(bsc#1189798)
- CVE-2021-39151: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39152: Fixed an issue that allowed an attacker to access
protected resources hosted within the intranet or in the host itself.
(bsc#1189798)
- CVE-2021-39153: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39154: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: