Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:0500-1

Опубликовано: 18 фев. 2022
Источник: suse-cvrf

Описание

Security update for xerces-j2

This update for xerces-j2 fixes the following issues:

  • CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).

Список пакетов

SUSE Enterprise Storage 6
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise Server 15 SP1-BCL
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise Server 15-LTSS
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise Server for SAP Applications 15
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
xerces-j2-2.11.0-4.3.1
xerces-j2-xml-apis-2.11.0-4.3.1
xerces-j2-xml-resolver-2.11.0-4.3.1

Ссылки

Описание

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Затронутые продукты
SUSE Enterprise Storage 6:xerces-j2-2.11.0-4.3.1
SUSE Enterprise Storage 6:xerces-j2-xml-apis-2.11.0-4.3.1
SUSE Enterprise Storage 6:xerces-j2-xml-resolver-2.11.0-4.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xerces-j2-2.11.0-4.3.1
Ссылки
Уязвимость SUSE-SU-2022:0500-1