[Spacewalk-list] xstream CVE-2017-7957
Michael Mraka
michael.mraka at redhat.com
Fri Dec 1 07:20:57 UTC 2017
Eric:
> The xstream package that is pulled in with Spacewalk 2.6 is vulnerable
> to this. Is there an upgraded package anywhere that anyone knows about?
>
> Not sure what to do with some of the old jpackage packages that are all
> Spacewalk dependencies.....more and more of these are getting flagged
> by security scanners.
>
> Anybody else have any thoughts on this? Anybody else having a harder
> and harder time with vulnerabilities being flagged on Spacewalk?
Please upgrade to Spacewalk 2.7.
We moved from jpackage to Fedora java packages
which are better maintained... and has been fixed already.
Regards,
--
Michael Mráka
System Management Engineering, Red Hat
More information about the Spacewalk-list
mailing list