openSUSE Security Update : xstream (openSUSE-2021-832)

critical Nessus Plugin ID 150248



The remote openSUSE host is missing a security update.


This update for xstream fixes the following issues :

- Upgrade to 1.4.16

- CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc#1184796)

- CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc#1184797)

- CVE-2021-21350: arbitrary code execution (bsc#1184380)

- CVE-2021-21348: remote attacker could cause denial of service by consuming maximum CPU time (bsc#1184374)

- CVE-2021-21347: remote attacker to load and execute arbitrary code from a remote host (bsc#1184378)

- CVE-2021-21344: remote attacker could load and execute arbitrary code from a remote host (bsc#1184375)

- CVE-2021-21342: server-side forgery (bsc#1184379)

- CVE-2021-21341: remote attacker could cause a denial of service by allocating 100% CPU time (bsc#1184377)

- CVE-2021-21346: remote attacker could load and execute arbitrary code (bsc#1184373)

- CVE-2021-21345: remote attacker with sufficient rights could execute commands (bsc#1184372)

- CVE-2021-21343: replace or inject objects, that result in the deletion of files on the local host (bsc#1184376)

This update was imported from the SUSE:SLE-15-SP2:Update update project.


Update the affected xstream packages.

See Also

Plugin Details

Severity: Critical

ID: 150248

File Name: openSUSE-2021-832.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/4/2021

Updated: 12/27/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information


Risk Factor: High

Score: 7.3


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-21350


Risk Factor: Critical

Base Score: 9.9

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-21345

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xstream, p-cpe:/a:novell:opensuse:xstream-benchmark, p-cpe:/a:novell:opensuse:xstream-javadoc, p-cpe:/a:novell:opensuse:xstream-parent, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/3/2021

Vulnerability Publication Date: 3/23/2021

Reference Information

CVE: CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351