RHSA-2021:1354: Red Hat Security Advisory: xstream security update

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fix(es):

• XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
• XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
• XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346)
• XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)
• XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-21344: XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet
• CVE-2021-21345: XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry
• CVE-2021-21346: XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue
• CVE-2021-21347: XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator
• CVE-2021-21350: XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader