Red Hat Product Errata RHSA-2018:1784 - Security Advisory
Issued:
2018-06-04
Updated:
2018-06-04

RHSA-2018:1784 - Security Advisory

Synopsis

Important: rh-java-common-xmlrpc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

  • xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

  • BZ - 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm SHA-256: 709f0a0066842bd93fb371a27c78c1126dfdc1cf761f3e86a7958a9058460cff
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm SHA-256: 7472e41a6e96bd3d13f091a7706a3cc8689260e6b3b19fb22cbe4ea46bb4def3
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm SHA-256: e275ee98bcce9579446acc7db91f8aecc297bc5f86710506ed4401b9949c064d
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm SHA-256: 42900155d811d6c95129f9394815f895dceb04ef59a98489c003ca746d95d3c3
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm SHA-256: b0f1fdaf4ce1bf3902123db3e1d199aa1916e89e3b85ee626328acb6fc4c8696

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm SHA-256: 709f0a0066842bd93fb371a27c78c1126dfdc1cf761f3e86a7958a9058460cff
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm SHA-256: 7472e41a6e96bd3d13f091a7706a3cc8689260e6b3b19fb22cbe4ea46bb4def3
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm SHA-256: e275ee98bcce9579446acc7db91f8aecc297bc5f86710506ed4401b9949c064d
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm SHA-256: 42900155d811d6c95129f9394815f895dceb04ef59a98489c003ca746d95d3c3
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm SHA-256: b0f1fdaf4ce1bf3902123db3e1d199aa1916e89e3b85ee626328acb6fc4c8696

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el7.src.rpm SHA-256: 1bbab16793b0fda6dd396a456c4b806bdafff29d5dbe586cfa8ec7373a7c0f5f
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el7.noarch.rpm SHA-256: b399962fee5e662d458494ce293d808a5d5c45032810255e65c2f574736fdacb
rh-java-common-xmlrpc-common-3.1.3-8.16.el7.noarch.rpm SHA-256: 3dcedac5e66a9496c82ec8f29c65a3d216b4308cc4a872f4065e2856823a0ef5
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el7.noarch.rpm SHA-256: 3f9870678aae21245316966a4554891702348e0217d7cb3ae229ab33d3b8a61d
rh-java-common-xmlrpc-server-3.1.3-8.16.el7.noarch.rpm SHA-256: f0e7ef61ddb7035280afe45768215aeda98b7df16596eeabfebd19f4edb610d9

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6

SRPM
rh-java-common-xmlrpc-3.1.3-8.16.el6.src.rpm SHA-256: 709f0a0066842bd93fb371a27c78c1126dfdc1cf761f3e86a7958a9058460cff
x86_64
rh-java-common-xmlrpc-client-3.1.3-8.16.el6.noarch.rpm SHA-256: 7472e41a6e96bd3d13f091a7706a3cc8689260e6b3b19fb22cbe4ea46bb4def3
rh-java-common-xmlrpc-common-3.1.3-8.16.el6.noarch.rpm SHA-256: e275ee98bcce9579446acc7db91f8aecc297bc5f86710506ed4401b9949c064d
rh-java-common-xmlrpc-javadoc-3.1.3-8.16.el6.noarch.rpm SHA-256: 42900155d811d6c95129f9394815f895dceb04ef59a98489c003ca746d95d3c3
rh-java-common-xmlrpc-server-3.1.3-8.16.el6.noarch.rpm SHA-256: b0f1fdaf4ce1bf3902123db3e1d199aa1916e89e3b85ee626328acb6fc4c8696

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.