[Bug 1780844] Re: CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void'

Dan Streetman Thu, 12 Jul 2018 12:41:23 -0700

Xenial:

ubuntu@lp1780844-x:~$ dpkg -l | grep libxstream-java
ii  libxstream-java                  1.4.8-1                                    
all          Java library to serialize objects to XML and back again
ubuntu@lp1780844-x:~$ java -cp /usr/share/java/xstream-1.4.8.jar:. TestCVE
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fcba3ec99d2, pid=12644, tid=0x00007fcba55c6700



ubuntu@lp1780844-x:~$ sudo apt-add-repository ppa:ubuntu-security-proposed/ppa
 Pre-release Ubuntu Security Updates that need additional work or testing.
...

ubuntu@lp1780844-x:~$ dpkg -l | grep libxstream-java
ii  libxstream-java                  1.4.8-1ubuntu0.1                           
all          Java library to serialize objects to XML and back again
ubuntu@lp1780844-x:~$ java -cp /usr/share/java/xstream-1.4.8.jar:. TestCVE
Exception in thread "main" 
com.thoughtworks.xstream.converters.ConversionException: Type void cannot have 
an instance


Trusty:

ubuntu@lp1780844-t:~$ dpkg -l | grep libxstream-java
ii  libxstream-java                  1.4.7-1                                    
all          Java library to serialize objects to XML and back again
ubuntu@lp1780844-t:~$ java -cp /usr/share/java/xstream-1.4.7.jar:. TestCVE
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f89d9429a32, pid=11183, tid=140230055626496


ubuntu@lp1780844-t:~$ sudo apt-add-repository ppa:ubuntu-security-proposed/ppa
 Pre-release Ubuntu Security Updates that need additional work or testing.
...

ubuntu@lp1780844-t:~$ dpkg -l | grep libxstream-java
ii  libxstream-java                  1.4.7-1ubuntu0.1                           
all          Java library to serialize objects to XML and back again
ubuntu@lp1780844-t:~$ java -cp /usr/share/java/xstream-1.4.7.jar:. TestCVE
Exception in thread "main" 
com.thoughtworks.xstream.converters.ConversionException: Type void cannot have 
an instance

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1780844

Title:
  CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an
  instance of the primitive type 'void'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxstream-java/+bug/1780844/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1780844] Re: CVE-2017-7957: XStream through 1.4.9 mishandles attempts to create an instance of the primitive type 'void'

Reply via email to