This might lead to data exfiltration or worse. Therefore, we recommend upgrading Xarses to version 1.18.4 and Xml2Xml to version 5.1.5. Both of these packages fix several security issues. Additionally, we recommend updating any other third-party packages that are used by Xarses and Xml2Xml. If you are using a version of Xarses or Xml2Xml earlier than 5.1.5, you should upgrade as soon these fixes were released. If you are using a version of Xarses earlier than 1.18.0, you should upgrade immediately. Xarses and Xml2Xml both fix several security issues.

Installing Xarses and Xml2Xml on CentOS 7

To install these packages on CentOS 7, run the following command from your terminal:
yum update
yum upgrade
yum install xarses xml2xml-cli xml2xml
This will update your CentOS 7 system to the latest versions of both Xarses and Xml2Xml.

Xarses

, Xml2Xml, and the Security Issues
The two packages are commonly used together to process XML documents.
These packages have both been found to contain several security issues that could lead to data exfiltration or worse. Specifically, these packages have been found to have vulnerabilities that could allow attackers to execute arbitrary code as the user running Xarses or Xml2Xml.

Timeline

Published on: 11/17/2022 05:15:00 UTC
Last modified on: 11/17/2022 23:27:00 UTC

References