Description
Security update for slf4j
This update for slf4j fixes the following issues:
- CVE-2018-8088: Disallow EventData deserialization by default to avoid arbitrary code execution using serialized data (bsc#1085970)
Package list
HPE Helion OpenStack 8
slf4j-1.7.12-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
slf4j-1.7.12-3.3.1
SUSE Manager Server 3.0
slf4j-1.7.12-3.3.1
SUSE Manager Server 3.1
slf4j-1.7.12-3.3.1
SUSE OpenStack Cloud 8
slf4j-1.7.12-3.3.1
SUSE OpenStack Cloud Crowbar 8
slf4j-1.7.12-3.3.1
References
- Link for SUSE-SU-2018:1744-1
- E-Mail link for SUSE-SU-2018:1744-1
- SUSE Security Ratings
- SUSE Bug 1085970
- SUSE CVE CVE-2018-8088 page
Description
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.
Affected products
HPE Helion OpenStack 8:slf4j-1.7.12-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3:slf4j-1.7.12-3.3.1
SUSE Manager Server 3.0:slf4j-1.7.12-3.3.1
SUSE Manager Server 3.1:slf4j-1.7.12-3.3.1
References
- CVE-2018-8088
- SUSE Bug 1085970