RHEL 7 : Virtualization (RHSA-2018:2317)

High Nessus Plugin ID 111514

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for xmlrpc is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server using the HTTP protocol, and gets back the response as XML.

The following packages have been upgraded to a later upstream version:
xmlrpc (3.1.3). (BZ#1594618)

Security Fix(es) :

* xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected packages.

See Also

http://rhn.redhat.com/errata/RHSA-2018-2317.html

https://www.redhat.com/security/data/cve/CVE-2016-5003.html

Plugin Details

Severity: High

ID: 111514

File Name: redhat-RHSA-2018-2317.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/08/02

Modified: 2018/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:xmlrpc-client, p-cpe:/a:redhat:enterprise_linux:xmlrpc-common, p-cpe:/a:redhat:enterprise_linux:xmlrpc-javadoc, p-cpe:/a:redhat:enterprise_linux:xmlrpc-server, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2018/07/31

Reference Information

CVE: CVE-2016-5003

RHSA: 2018:2317