SUSE-SU-2022:1418-1

Published: 27 Apr 2022
Source: suse-cvrf

Description

Security update for ant

This update for ant fixes the following issues:

  • CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468).
  • CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469).

Package list

SUSE Linux Enterprise Module for Development Tools 15 SP3
ant-1.10.7-150200.4.6.1
ant-antlr-1.10.7-150200.4.6.1
ant-apache-bcel-1.10.7-150200.4.6.1
ant-apache-bsf-1.10.7-150200.4.6.1
ant-apache-log4j-1.10.7-150200.4.6.1
ant-apache-oro-1.10.7-150200.4.6.1
ant-apache-regexp-1.10.7-150200.4.6.1
ant-apache-resolver-1.10.7-150200.4.6.1
ant-commons-logging-1.10.7-150200.4.6.1
ant-javamail-1.10.7-150200.4.6.1
ant-jdepend-1.10.7-150200.4.6.1
ant-jmf-1.10.7-150200.4.6.1
ant-junit-1.10.7-150200.4.6.1
ant-manual-1.10.7-150200.4.6.1
ant-scripts-1.10.7-150200.4.6.1
ant-swing-1.10.7-150200.4.6.1
SUSE Linux Enterprise Real Time 15 SP2
ant-1.10.7-150200.4.6.1
ant-antlr-1.10.7-150200.4.6.1
ant-apache-bcel-1.10.7-150200.4.6.1
ant-apache-bsf-1.10.7-150200.4.6.1
ant-apache-log4j-1.10.7-150200.4.6.1
ant-apache-oro-1.10.7-150200.4.6.1
ant-apache-regexp-1.10.7-150200.4.6.1
ant-apache-resolver-1.10.7-150200.4.6.1
ant-commons-logging-1.10.7-150200.4.6.1
ant-javamail-1.10.7-150200.4.6.1
ant-jdepend-1.10.7-150200.4.6.1
ant-jmf-1.10.7-150200.4.6.1
ant-junit-1.10.7-150200.4.6.1
ant-manual-1.10.7-150200.4.6.1
ant-scripts-1.10.7-150200.4.6.1
ant-swing-1.10.7-150200.4.6.1
openSUSE Leap 15.3
ant-1.10.7-150200.4.6.1
ant-antlr-1.10.7-150200.4.6.1
ant-apache-bcel-1.10.7-150200.4.6.1
ant-apache-bsf-1.10.7-150200.4.6.1
ant-apache-log4j-1.10.7-150200.4.6.1
ant-apache-oro-1.10.7-150200.4.6.1
ant-apache-regexp-1.10.7-150200.4.6.1
ant-apache-resolver-1.10.7-150200.4.6.1
ant-apache-xalan2-1.10.7-150200.4.6.1
ant-commons-logging-1.10.7-150200.4.6.1
ant-commons-net-1.10.7-150200.4.6.1
ant-imageio-1.10.7-150200.4.6.1
ant-javamail-1.10.7-150200.4.6.1
ant-jdepend-1.10.7-150200.4.6.1
ant-jmf-1.10.7-150200.4.6.1
ant-jsch-1.10.7-150200.4.6.1
ant-junit-1.10.7-150200.4.6.1
ant-junit5-1.10.7-150200.4.6.1
ant-manual-1.10.7-150200.4.6.1
ant-scripts-1.10.7-150200.4.6.1
ant-swing-1.10.7-150200.4.6.1
ant-testutil-1.10.7-150200.4.6.1
ant-xz-1.10.7-150200.4.6.1
openSUSE Leap 15.4
ant-1.10.7-150200.4.6.1
ant-antlr-1.10.7-150200.4.6.1
ant-apache-bcel-1.10.7-150200.4.6.1
ant-apache-bsf-1.10.7-150200.4.6.1
ant-apache-log4j-1.10.7-150200.4.6.1
ant-apache-oro-1.10.7-150200.4.6.1
ant-apache-regexp-1.10.7-150200.4.6.1
ant-apache-resolver-1.10.7-150200.4.6.1
ant-apache-xalan2-1.10.7-150200.4.6.1
ant-commons-logging-1.10.7-150200.4.6.1
ant-commons-net-1.10.7-150200.4.6.1
ant-imageio-1.10.7-150200.4.6.1
ant-javamail-1.10.7-150200.4.6.1
ant-jdepend-1.10.7-150200.4.6.1
ant-jmf-1.10.7-150200.4.6.1
ant-jsch-1.10.7-150200.4.6.1
ant-junit-1.10.7-150200.4.6.1
ant-junit5-1.10.7-150200.4.6.1
ant-manual-1.10.7-150200.4.6.1
ant-scripts-1.10.7-150200.4.6.1
ant-swing-1.10.7-150200.4.6.1
ant-testutil-1.10.7-150200.4.6.1
ant-xz-1.10.7-150200.4.6.1

Description

When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory, which finally leads to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.


Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-antlr-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-apache-bcel-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-apache-bsf-1.10.7-150200.4.6.1

Description

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, which leads to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.


Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-antlr-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-apache-bcel-1.10.7-150200.4.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:ant-apache-bsf-1.10.7-150200.4.6.1

References
Vulnerability SUSE-SU-2022:1418-1