SUSE-SU-2022:1417-1

Опубликовано: 27 апр. 2022

Источник: suse-cvrf

Описание

Security update for ant

This update for ant fixes the following issues:

CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468).
CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

ant-1.9.4-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ant-1.9.4-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5

ant-1.9.4-3.9.1

ant-antlr-1.9.4-3.9.1

ant-apache-bcel-1.9.4-3.9.1

ant-apache-bsf-1.9.4-3.9.1

ant-apache-log4j-1.9.4-3.9.1

ant-apache-oro-1.9.4-3.9.1

ant-apache-regexp-1.9.4-3.9.1

ant-apache-resolver-1.9.4-3.9.1

ant-commons-logging-1.9.4-3.9.1

ant-javadoc-1.9.4-3.9.1

ant-javamail-1.9.4-3.9.1

ant-jdepend-1.9.4-3.9.1

ant-jmf-1.9.4-3.9.1

ant-junit-1.9.4-3.9.1

ant-manual-1.9.4-3.9.1

ant-scripts-1.9.4-3.9.1

ant-swing-1.9.4-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221417-1/
Link for SUSE-SU-2022:1417-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010842.html
E-Mail link for SUSE-SU-2022:1417-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188468
SUSE Bug 1188468
https://bugzilla.suse.com/1188469
SUSE Bug 1188469
https://www.suse.com/security/cve/CVE-2021-36373/
SUSE CVE CVE-2021-36373 page
https://www.suse.com/security/cve/CVE-2021-36374/
SUSE CVE CVE-2021-36374 page

Описание

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-36373.html
CVE-2021-36373
https://bugzilla.suse.com/1188468
SUSE Bug 1188468

Описание

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-36374.html
CVE-2021-36374
https://bugzilla.suse.com/1188469
SUSE Bug 1188469

SUSE-SU-2022:1417-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2021-36373

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-36374

Описание

Затронутые продукты

Ссылки