Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.5946.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5946-1)
Summary:	The remote host is missing an update for the 'libxstream-java' package(s) announced via the USN-5946-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxstream-java' package(s) announced via the USN-5946-1 advisory. Vulnerability Insight: Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39140) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39139, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39153, CVE-2021-39154) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39150, CVE-2021-39152) Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-41966) Affected Software/OS: 'libxstream-java' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-39139 https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44 https://security.netapp.com/advisory/ntap-20210923-0003/ Debian Security Information: DSA-5004 (Google Search) https://www.debian.org/security/2021/dsa-5004 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/ https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://x-stream.github.io/CVE-2021-39139.html https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39140 https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc https://x-stream.github.io/CVE-2021-39140.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39141 https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2 https://x-stream.github.io/CVE-2021-39141.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39144 https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html https://x-stream.github.io/CVE-2021-39144.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39145 https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v https://x-stream.github.io/CVE-2021-39145.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39146 https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f https://x-stream.github.io/CVE-2021-39146.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39147 https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc https://x-stream.github.io/CVE-2021-39147.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39148 https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2 https://x-stream.github.io/CVE-2021-39148.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39149 https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x https://x-stream.github.io/CVE-2021-39149.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39150 https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp https://x-stream.github.io/CVE-2021-39150.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39151 https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4 https://x-stream.github.io/CVE-2021-39151.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39152 https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2 https://x-stream.github.io/CVE-2021-39152.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39153 https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v https://x-stream.github.io/CVE-2021-39153.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39154 https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 https://x-stream.github.io/CVE-2021-39154.html Common Vulnerability Exposure (CVE) ID: CVE-2022-41966 https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv https://x-stream.github.io/CVE-2022-41966.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.