ALAS2-2018-1041


Amazon Linux 2 Security Advisory: ALAS-2018-1041
Advisory Release Date: 2018-07-24 21:13 Pacific
Severity: Important
References: CVE-2016-5003 

Issue Overview:

A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element.(CVE-2016-5003 )


Affected Packages:

xmlrpc


Issue Correction:
Run yum update xmlrpc to update your system.

New Packages:
noarch:
    xmlrpc-javadoc-3.1.3-9.amzn2.noarch
    xmlrpc-common-3.1.3-9.amzn2.noarch
    xmlrpc-client-3.1.3-9.amzn2.noarch
    xmlrpc-server-3.1.3-9.amzn2.noarch

src:
    xmlrpc-3.1.3-9.amzn2.src