SUSE-SU-2022:3550-1

Опубликовано: 07 окт. 2022

Источник: suse-cvrf

Описание

Security update for xmlgraphics-commons

This update for xmlgraphics-commons fixes the following issues:

Update to version 2.6
CVE-2020-11988: Fixed a server-side request forgery caused by improper input validation by the XMPParser. (bsc#281607)

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

xmlgraphics-commons-2.6-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223550-1/
Link for SUSE-SU-2022:3550-1
https://lists.suse.com/pipermail/sle-security-updates/2022-October/012518.html
E-Mail link for SUSE-SU-2022:3550-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1182754
SUSE Bug 1182754
https://www.suse.com/security/cve/CVE-2020-11988/
SUSE CVE CVE-2020-11988 page

Описание

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:xmlgraphics-commons-2.6-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-11988.html
CVE-2020-11988
https://bugzilla.suse.com/1182754
SUSE Bug 1182754

SUSE-SU-2022:3550-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-11988

Описание

Затронутые продукты

Ссылки