[El-errata] ELSA-2018-1779 Important: Oracle Linux 6 xmlrpc3 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 31 14:06:07 PDT 2018
Oracle Linux Security Advisory ELSA-2018-1779
http://linux.oracle.com/errata/ELSA-2018-1779.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
xmlrpc3-client-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-client-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-javadoc-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-devel-3.0-4.17.el6_9.noarch.rpm
x86_64:
xmlrpc3-client-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-client-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-javadoc-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-devel-3.0-4.17.el6_9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/xmlrpc3-3.0-4.17.el6_9.src.rpm
Description of changes:
[3.0-4.17]
- Rebase patch to avoid orig files in source JAR
- Related: CVE-2016-5003
[3.0-4.16]
- Disallow deserialization of <ex:serializable> tags by default
- Resolves: CVE-2016-5003
More information about the El-errata
mailing list