SUSE-SU-2022:0542-1

Опубликовано: 21 фев. 2022

Источник: suse-cvrf

Описание

Security update for xerces-j2

This update for xerces-j2 fixes the following issues:

CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).

Список пакетов

HPE Helion OpenStack 8

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP2-BCL

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP3-BCL

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP3-LTSS

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP4-LTSS

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP5

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5

xerces-j2-demo-2.8.1-268.9.1

xerces-j2-scripts-2.8.1-268.9.1

SUSE OpenStack Cloud 8

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE OpenStack Cloud 9

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE OpenStack Cloud Crowbar 8

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE OpenStack Cloud Crowbar 9

xerces-j2-2.8.1-268.9.1

xerces-j2-xml-apis-2.8.1-268.9.1

xerces-j2-xml-resolver-2.8.1-268.9.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220542-1/
Link for SUSE-SU-2022:0542-1
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010280.html
E-Mail link for SUSE-SU-2022:0542-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195108
SUSE Bug 1195108
https://www.suse.com/security/cve/CVE-2022-23437/
SUSE CVE CVE-2022-23437 page

Описание

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Затронутые продукты

HPE Helion OpenStack 8:xerces-j2-2.8.1-268.9.1

HPE Helion OpenStack 8:xerces-j2-xml-apis-2.8.1-268.9.1

HPE Helion OpenStack 8:xerces-j2-xml-resolver-2.8.1-268.9.1

SUSE Linux Enterprise Server 12 SP2-BCL:xerces-j2-2.8.1-268.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-23437.html
CVE-2022-23437
https://bugzilla.suse.com/1195108
SUSE Bug 1195108
https://bugzilla.suse.com/1196394
SUSE Bug 1196394

SUSE-SU-2022:0542-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2022-23437

Описание

Затронутые продукты

Ссылки