You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa XML-RPC

Sigurnosni nedostatak programskog paketa XML-RPC

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4496-1
September 15, 2020

Apache XML-RPC vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Apache XML-RPC could be made to execute arbitrary code if it received
specially crafted data by a malicious XML-RPC server.

Software Description:
– libxmlrpc3-java: XML-RPC implementation in Java

Details:

It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly
deserialize untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2019-17570)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libxmlrpc3-client-java 3.1.3-9+deb10u1build0.18.04.1
libxmlrpc3-common-java 3.1.3-9+deb10u1build0.18.04.1
libxmlrpc3-server-java 3.1.3-9+deb10u1build0.18.04.1

Ubuntu 16.04 LTS:
libxmlrpc3-client-java 3.1.3-7+deb8u1build0.16.04.1
libxmlrpc3-common-java 3.1.3-7+deb8u1build0.16.04.1
libxmlrpc3-server-java 3.1.3-7+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4496-1
CVE-2019-17570

Package Information:

https://launchpad.net/ubuntu/+source/libxmlrpc3-java/3.1.3-9+deb10u1build0.18.04.1

https://launchpad.net/ubuntu/+source/libxmlrpc3-java/3.1.3-7+deb8u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9g/vkACgkQW+PTAFZK
yRjujA/+K465XFyGm5OJDcRCPP0geMULpfQ+RfkJNiA7uuDI19IYLMx2aUxZjmE3
isJutOYX921Aj0Ss8LdwtZeOuz8NrTSPoO7xeNGSc8z6emr8CTtq2qqER2znenik
e0/TiLM76MZJ+YF3N+YxZx66EdZZgyT0m185rcnWXUvpVC5rbc8RdNwmVuSeCz9I
0xMPbSzoQ+qICnC0wifbhzjUezRrpZ02hGMrWRXOL0wJ2csY16KxISUdZ8ShvNUS
v90UnOpZp6Et2B0aVaf6bS0Rrc5466N9q0LUdC4PNK6ZfWHY4hLk6F7911zL00sV
UrJEre/ORy2iUs/yYGtigebCP8pHHBh3rB47r51eGBMPgcpB+8Q0b7jNJckhVbdz
VXTstD6M5J+UzNPJ5kzjv0ZEO1iQUex5X2/KkrWKOmNGj6F8Vs6ikGsZvGAXWaMA
3BMYolP3HQJS5fP1dW7PEGPN9gKOG6wkT9wkRYZKf1J0YQjKaK/ewTUmWOCVAfOs
zMUYiwWl/lyT+TdQUVjbtYlbzooRYiDDuklZn62Qwj1j5z2AGHCfWNkZ6UC8FNIa
wLrEb7Qs3Gz1VTt/5ir/ZaLeU1JoxzjGUJhAR7tjnbvWqvQ5wBKoHD0nyhhm2Ylx
T389Oi/ua8h0rpZ5cxMLU5hbaZF/ehuJOmXUL48HJQ4T6MK8QQw=
=jc3w
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke librepo

Otkriven je sigurnosni nedostatak programske biblioteke librepo za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje 'directory traversal' napada....

Close