Ubuntu - Apache XML-RPC vulnerability (2020-09-15)

USN-4496-1: Apache XML-RPC vulnerability

Apache XML-RPC vulnerability<br/>A security issue affects these releases of Ubuntu and its derivatives:<br/>Ubuntu 18.04 LTS<br/>Ubuntu 16.04 LTS<br/>Summary<br/>Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server.<br/>Software Description<br/>libxmlrpc3-java - XML-RPC implementation in Java<br/>Details<br/>It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-17570)<br/>Update instructions<br/>The problem can be corrected by updating your system to the following package versions:<br/>Ubuntu 18.04 LTS<br/>libxmlrpc3-client-java - 3.1.3-9+deb10u1build0.18.04.1<br/>libxmlrpc3-common-java - 3.1.3-9+deb10u1build0.18.04.1<br/>libxmlrpc3-server-java - 3.1.3-9+deb10u1build0.18.04.1<br/>Ubuntu 16.04 LTS<br/>libxmlrpc3-client-java - 3.1.3-7+deb8u1build0.16.04.1<br/>libxmlrpc3-common-java - 3.1.3-7+deb8u1build0.16.04.1<br/>libxmlrpc3-server-java - 3.1.3-7+deb8u1build0.16.04.1<br/>To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.<br/>In general, a standard system update will make all the necessary changes.<br/>References<br/>CVE-2019-17570<br/>]]&gt;

Ubuntu是一个以桌面应用为主的Linux操作系统

<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17570">CVE-2019-17570</a></p>

暂无

暂无

https://usn.ubuntu.com/4496-1/