exploitDog

SUSE-SU-2022:0503-1

Published: 18 Feb 2022
Source: suse-cvrf

Description

Security update for xerces-j2

This update for xerces-j2 fixes the following issues:

  • CVE-2022-23437: Fixed an infinite loop within the Apache XercesJ XML parser (bsc#1195108).

Package list

Container bci/kiwi:latest
xerces-j2-2.12.0-3.3.1
Container suse/manager/5.0/x86_64/server:latest
xerces-j2-2.12.0-3.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
xerces-j2-2.12.0-3.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
xerces-j2-2.12.0-3.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
xerces-j2-2.12.0-3.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
xerces-j2-2.12.0-3.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
xerces-j2-2.12.0-3.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
xerces-j2-2.12.0-3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
xerces-j2-2.12.0-3.3.1
Image server-image
xerces-j2-2.12.0-3.3.1
SUSE Enterprise Storage 7
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise Real Time 15 SP2
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise Server 15 SP2-BCL
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
xerces-j2-2.12.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
xerces-j2-2.12.0-3.3.1
SUSE Manager Proxy 4.1
xerces-j2-2.12.0-3.3.1
SUSE Manager Retail Branch Server 4.1
xerces-j2-2.12.0-3.3.1
SUSE Manager Server 4.1
xerces-j2-2.12.0-3.3.1

Description

There is a vulnerability in the Apache Xerces Java (XercesJ) XML parser when it handles specially crafted XML document payloads. It causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. The vulnerability is present in XercesJ version 2.12.1 and earlier versions.


Affected products
Container bci/kiwi:latest:xerces-j2-2.12.0-3.3.1
Container suse/manager/5.0/x86_64/server:latest:xerces-j2-2.12.0-3.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:xerces-j2-2.12.0-3.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:xerces-j2-2.12.0-3.3.1

References