SUSE-SU-2021:1840-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1840-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2021:1840-1
- Related
- Published
- 2021-06-02T14:29:41Z
- Modified
- 2021-06-02T14:29:41Z
- Summary
- Security update for xstream
- Details
-
This update for xstream fixes the following issues:
- Upgrade to 1.4.16
- CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)
- CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)
- CVE-2021-21350: arbitrary code execution (bsc#1184380)
- CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)
- CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)
- CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)
- CVE-2021-21342: server-side forgery (bsc#1184379)
- CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)
- CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)
- CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)
- CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20211840-1/
- https://bugzilla.suse.com/1184372
- https://bugzilla.suse.com/1184373
- https://bugzilla.suse.com/1184374
- https://bugzilla.suse.com/1184375
- https://bugzilla.suse.com/1184376
- https://bugzilla.suse.com/1184377
- https://bugzilla.suse.com/1184378
- https://bugzilla.suse.com/1184379
- https://bugzilla.suse.com/1184380
- https://bugzilla.suse.com/1184796
- https://bugzilla.suse.com/1184797
- https://www.suse.com/security/cve/CVE-2021-21341
- https://www.suse.com/security/cve/CVE-2021-21342
- https://www.suse.com/security/cve/CVE-2021-21343
- https://www.suse.com/security/cve/CVE-2021-21344
- https://www.suse.com/security/cve/CVE-2021-21345
- https://www.suse.com/security/cve/CVE-2021-21346
- https://www.suse.com/security/cve/CVE-2021-21347
- https://www.suse.com/security/cve/CVE-2021-21348
- https://www.suse.com/security/cve/CVE-2021-21349
- https://www.suse.com/security/cve/CVE-2021-21350
- https://www.suse.com/security/cve/CVE-2021-21351
Affected packages
SUSE:Linux Enterprise Module for Development Tools 15 SP2 / xstream
Package
- Name
- xstream
- Purl
- purl:rpm/suse/xstream&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
SUSE:Linux Enterprise Module for Development Tools 15 SP3 / xstream
Package
- Name
- xstream
- Purl
- purl:rpm/suse/xstream&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3