[Spacewalk-list] xstream CVE-2017-7957

Michael Mraka michael.mraka at redhat.com
Fri Dec 1 07:20:57 UTC 2017

> The xstream package that is pulled in with Spacewalk 2.6 is vulnerable
> to this.  Is there an upgraded package anywhere that anyone knows about?  
> Not sure what to do with some of the old jpackage packages that are all
> Spacewalk dependencies.....more and  more of these are getting flagged
> by security scanners. 
> Anybody else have any thoughts on this?  Anybody else having a harder
> and harder time with vulnerabilities being flagged on Spacewalk?

Please upgrade to Spacewalk 2.7. 
We moved from jpackage to Fedora java packages
which are better maintained... and has been fixed already.


Michael Mráka
System Management Engineering, Red Hat

More information about the Spacewalk-list mailing list