USN-4496-1: Apache XML-RPC vulnerability

15 September 2020

Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server.

Releases

Packages

  • libxmlrpc3-java - XML-RPC implementation in Java

Details

It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly
deserialize untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2019-17570)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References