FEDORA-2018-1ec08a2143

security update in Fedora 26 for xmlrpc

Status: testing 10 months ago

Security fix for CVE-2016-5003, CVE-2016-5002

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2018-1ec08a2143

Comments 3

This update has been submitted for testing by msimacek.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1508110 CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
#1508111 CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD [fedora-all]
#1508123 CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag</ex:serializable>
#1508124 CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag [fedora-all]</ex:serializable>
Content Type
RPM
Status
testing
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 10 months ago
in testing 10 months ago

Related Bugs 4

00 #1508110 CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
00 #1508111 CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD [fedora-all]
00 #1508123 CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag</ex:serializable>
00 #1508124 CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag [fedora-all]</ex:serializable>

Automated Test Results