SUSE-SU-2022:1265-1

Published: 19 Apr 2022
Source: suse-cvrf

Description

Security update for jsoup, jsr-305

This update for jsoup, jsr-305 fixes the following issues:

  • CVE-2021-37714: Fixed infinite loop in untrusted HTML or XML data parsing (bsc#1189749).

Changes in jsr-305:

  • Build with java source and target levels 8
  • Upgrade to upstream version 3.0.2

Changes in jsoup:

  • Upgrade to upstream version 1.14.2
  • Generate tarball using source service instead of a script

Package list

Container bci/openjdk-devel:11
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

Container bci/openjdk-devel:17
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

Container bci/openjdk-devel:latest
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

Container containers/apache-pulsar:3.3
  • jsr-305-3.0.2-150200.3.3.1

Container suse/manager/5.0/x86_64/server:latest
  • jsr-305-3.0.2-150200.3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
  • jsr-305-3.0.2-150200.3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
  • jsr-305-3.0.2-150200.3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
  • jsr-305-3.0.2-150200.3.3.1

Image server-image
  • jsr-305-3.0.2-150200.3.3.1

SUSE Enterprise Storage 7
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP3
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise Real Time 15 SP2
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise Server 15 SP2-BCL
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise Server 15 SP2-LTSS
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Manager Proxy 4.1
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Manager Retail Branch Server 4.1
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

SUSE Manager Server 4.1
  • jsoup-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1

openSUSE Leap 15.3
  • jsoup-1.14.2-150200.3.3.1
  • jsoup-javadoc-1.14.2-150200.3.3.1
  • jsr-305-3.0.2-150200.3.3.1
  • jsr-305-javadoc-3.0.2-150200.3.3.1

Description (CVE-2021-37714)

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds: users may rate-limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and time out parse runtimes.
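The two workarounds named above (an input size cap and a watchdog that times out the parse) as an added Java example; this is not code from the advisory or from the jsoup project, the class name `BoundedParse` and the limit values are assumptions, and the only jsoup call used is the public `Jsoup.parse(String)` entry point.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

import java.util.concurrent.*;

public class BoundedParse {
    // Upper bound on input length; tune to your system resources (assumed value).
    private static final int MAX_INPUT_CHARS = 1 << 20;
    // Wall-clock budget for a single parse run (assumed value).
    private static final long PARSE_TIMEOUT_MS = 2_000;

    // Bounded pool of daemon threads: a parse that never returns can use up at most
    // this many workers and cannot block JVM shutdown.
    private static final ExecutorService PARSERS = Executors.newFixedThreadPool(4, r -> {
        Thread t = new Thread(r, "jsoup-watchdog");
        t.setDaemon(true);
        return t;
    });

    /** Parses untrusted HTML under a size cap and a wall-clock timeout. */
    public static Document parseUntrusted(String html) throws TimeoutException {
        if (html.length() > MAX_INPUT_CHARS) {
            throw new IllegalArgumentException("input exceeds " + MAX_INPUT_CHARS + " chars");
        }
        Future<Document> job = PARSERS.submit(() -> Jsoup.parse(html));
        try {
            return job.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // Best effort only: this sets the worker's interrupt flag. A parser loop that
            // does not poll the flag keeps running, which is why the pool is bounded.
            job.cancel(true);
            throw e;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("interrupted while waiting for parse", e);
        } catch (ExecutionException e) {
            // The "unexpected exception" case from the advisory: reject the input
            // instead of letting the parser error propagate as a crash.
            throw new IllegalArgumentException("rejected input: " + e.getCause(), e.getCause());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; ordinary markup, not a trigger for CVE-2021-37714.
        Document doc = parseUntrusted("<html><body><p>hello</p></body></html>");
        System.out.println(doc.body().text());
    }
}
```

Rate limiting, the third workaround, belongs in front of `parseUntrusted` at the request layer and is not shown here.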


Affected products
Container bci/openjdk-devel:11:jsoup-1.14.2-150200.3.3.1
Container bci/openjdk-devel:11:jsr-305-3.0.2-150200.3.3.1
Container bci/openjdk-devel:17:jsoup-1.14.2-150200.3.3.1
Container bci/openjdk-devel:17:jsr-305-3.0.2-150200.3.3.1

References
Vulnerability SUSE-SU-2022:1265-1