RHSA-2014:0294: Important: XStream security update
XStream is a simple library to serialize and de-serialize objects to and from XML.

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285)

The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.
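The flaw above is the pattern "the XML, not the application, decides which class gets instantiated". The following is an added example, not code from the advisory, from Red Hat or from the XStream project: it shows an XStream instance that resolves any class name it finds in the input beside one restricted to an explicit type allowlist using the security framework XStream ships since 1.4.7 (`addPermission`, `allowTypes`). The `Greeting` and `ServiceConfig` classes and the XML document are constructed for the example; `ServiceConfig` stands in for any type reachable by name on the classpath, and nothing in it is executed. The unsafe instance opts into `AnyTypePermission` explicitly so that the behaviour reproduces on current releases, where an allowlist is enforced by default (XStream 1.4.18 and later); the remediation the advisory describes is still to apply the update.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.AnyTypePermission;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

// Hypothetical application model: the only type this endpoint is meant to receive.
class Greeting {
    public String text;
}

// Hypothetical second class on the same classpath that the endpoint never intends to
// deserialize. It stands in for any type an attacker can name; nothing here runs it.
class ServiceConfig {
    public String command;
}

public class XStreamTypeAllowlist {

    // Constructed untrusted input: the sender picks the root element, i.e. the class,
    // and XStream resolves it by name (default package, so no prefix).
    static final String UNTRUSTED_XML =
        "<ServiceConfig>\n" +
        "  <command>rm -rf /</command>\n" +
        "</ServiceConfig>";

    static final String EXPECTED_XML =
        "<Greeting><text>hello</text></Greeting>";

    // Vulnerable configuration: every class name in the XML is resolved and instantiated.
    // This is how XStream behaved before the security framework existed.
    static XStream unsafe() {
        XStream xs = new XStream();
        xs.addPermission(AnyTypePermission.ANY); // explicit opt-in on modern releases
        return xs;
    }

    // Hardened configuration: start from "nothing is allowed", then add back only
    // null, primitives (and their wrappers) and the application's own model types.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { Greeting.class, String.class });
        return xs;
    }

    public static void main(String[] args) {
        // Unsafe: the object is fully constructed before the caller gets a chance to
        // check its type. A cast to Greeting afterwards would fail, but by then a
        // gadget chain would already have run during unmarshalling.
        Object o = unsafe().fromXML(UNTRUSTED_XML);
        System.out.println("unsafe:   instantiated " + o.getClass().getName());

        // Hardened: the foreign type is rejected before any instance is created.
        try {
            Greeting g = (Greeting) hardened().fromXML(UNTRUSTED_XML);
            System.out.println("hardened: unexpectedly accepted " + g.text);
        } catch (ForbiddenClassException e) {
            System.out.println("hardened: rejected type " + e.getMessage());
        }

        // Hardened: the allowlisted model type still round-trips normally.
        Greeting ok = (Greeting) hardened().fromXML(EXPECTED_XML);
        System.out.println("hardened: accepted Greeting with text=" + ok.text);
    }
}
```

Compile and run with the XStream jar on the classpath (`javac -cp xstream.jar XStreamTypeAllowlist.java && java -cp xstream.jar:. XStreamTypeAllowlist`). The allowlist has to cover every type that legitimately appears in the documents, including field types such as `String` and any collections, so build it from the model rather than by trial and error against rejected inputs.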
Frequently Asked Questions
What is the severity of RHSA-2014:0294?
The severity of RHSA-2014:0294 is classified as Important.
How do I fix RHSA-2014:0294?
Users of Red Hat JBoss Data Virtualization 6.0.0 who installed the optional S-RAMP distribution from the Red Hat Customer Portal should apply the updated S-RAMP packages. The main distribution does not ship the vulnerable XStream library and needs no change.
What products are affected by RHSA-2014:0294?
RHSA-2014:0294 affects Red Hat JBoss Data Virtualization 6.0.0, but only installations that added the optional S-RAMP distribution; the main distribution is not vulnerable.
Can RHSA-2014:0294 be exploited by an attacker?
Yes. A remote attacker who can get XML to an application that deserializes it with XStream can name arbitrary types in that XML, which is the basis for a variety of attacks up to remote code execution.
What are the consequences of not addressing RHSA-2014:0294?
Failure to address RHSA-2014:0294 may lead to execution of arbitrary code in the context of the server running the XStream-based application.