Advisories » MGASA-2020-0077

Updated xmlrpc packages fix security vulnerability

Publication date: 09 Feb 2020
Modification date: 09 Feb 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-17570

Description

A flaw was discovered where the XMLRPC client implementation in Apache
XMLRPC performed deserialization of the server-side exception serialized
in the faultCause attribute of XMLRPC error response messages. A malicious
or compromised XMLRPC server could possibly use this flaw to execute
arbitrary code with the privileges of an application using the Apache XMLRPC
client library (CVE-2019-17570).
                

References

SRPMS

7/core