Updated xmlrpc packages has been released for Oracle Linux 7
Oracle Linux Security Advisory ELSA-2018-1780Xmlrpc Security Update for Oracle Linux 7
http://linux.oracle.com/errata/ELSA-2018-1780.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xmlrpc-client-3.1.3-9.el7_5.noarch.rpm
xmlrpc-common-3.1.3-9.el7_5.noarch.rpm
xmlrpc-javadoc-3.1.3-9.el7_5.noarch.rpm
xmlrpc-server-3.1.3-9.el7_5.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/xmlrpc-3.1.3-9.el7_5.src.rpm
Description of changes:
[1:3.1.3-9]
- Disallow deserialization of tags by default
- Resolves: CVE-2016-5003