Описание
Security update for xmlbeans
This update for xmlbeans fixes the following issues:
- CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915).
Список пакетов
SUSE Enterprise Storage 7
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Server 15 SP2-BCL
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
xmlbeans-2.6.0-150000.5.3.1
SUSE Manager Proxy 4.1
xmlbeans-2.6.0-150000.5.3.1
SUSE Manager Retail Branch Server 4.1
xmlbeans-2.6.0-150000.5.3.1
SUSE Manager Server 4.1
xmlbeans-2.6.0-150000.5.3.1
openSUSE Leap 15.3
xmlbeans-2.6.0-150000.5.3.1
xmlbeans-scripts-2.6.0-150000.5.3.1
openSUSE Leap 15.4
xmlbeans-2.6.0-150000.5.3.1
xmlbeans-scripts-2.6.0-150000.5.3.1
Ссылки
- Link for SUSE-SU-2022:3875-1
- E-Mail link for SUSE-SU-2022:3875-1
- SUSE Security Ratings
- SUSE Bug 1180915
- SUSE CVE CVE-2021-23926 page
Описание
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
Затронутые продукты
SUSE Enterprise Storage 7:xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xmlbeans-2.6.0-150000.5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:xmlbeans-2.6.0-150000.5.3.1
Ссылки
- CVE-2021-23926
- SUSE Bug 1180915