[El-errata] ELSA-2018-1779 Important: Oracle Linux 6 xmlrpc3 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 31 14:06:07 PDT 2018


Oracle Linux Security Advisory ELSA-2018-1779

http://linux.oracle.com/errata/ELSA-2018-1779.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
xmlrpc3-client-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-client-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-javadoc-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-devel-3.0-4.17.el6_9.noarch.rpm

x86_64:
xmlrpc3-client-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-client-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-common-devel-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-javadoc-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-3.0-4.17.el6_9.noarch.rpm
xmlrpc3-server-devel-3.0-4.17.el6_9.noarch.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/xmlrpc3-3.0-4.17.el6_9.src.rpm



Description of changes:

[3.0-4.17]
- Rebase patch to avoid orig files in source JAR
- Related: CVE-2016-5003

[3.0-4.16]
- Disallow deserialization of <ex:serializable> tags by default
- Resolves: CVE-2016-5003





More information about the El-errata mailing list