Amazon Linux 2 Security Advisory: ALAS-2021-1698
Advisory Release Date: 2021-08-04 20:32 Pacific
Advisory Updated Date: 2021-08-05 21:24 Pacific
Severity:
Important
Issue Overview:
A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-29505)
Affected Packages:
xstream
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update xstream to update your system.
New Packages:
noarch:
xstream-1.3.1-14.amzn2.noarch
xstream-javadoc-1.3.1-14.amzn2.noarch
src:
xstream-1.3.1-14.amzn2.src