SUSE-SU-2022:4306-1

Опубликовано: 01 дек. 2022

Источник: suse-cvrf

Описание

Security update for bcel

This update for bcel fixes the following issues:

CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).

Список пакетов

Container suse/manager/5.0/x86_64/server:latest

bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

bcel-5.2-150200.11.3.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

bcel-5.2-150200.11.3.1

Image server-image

bcel-5.2-150200.11.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

bcel-5.2-150200.11.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

bcel-5.2-150200.11.3.1

openSUSE Leap 15.3

bcel-5.2-150200.11.3.1

openSUSE Leap 15.4

bcel-5.2-150200.11.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224306-1/
Link for SUSE-SU-2022:4306-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013183.html
E-Mail link for SUSE-SU-2022:4306-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205125
SUSE Bug 1205125
https://www.suse.com/security/cve/CVE-2022-42920/
SUSE CVE CVE-2022-42920 page

Описание

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Затронутые продукты

Container suse/manager/5.0/x86_64/server:latest:bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:bcel-5.2-150200.11.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:bcel-5.2-150200.11.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-42920.html
CVE-2022-42920
https://bugzilla.suse.com/1205125
SUSE Bug 1205125
https://bugzilla.suse.com/1209316
SUSE Bug 1209316

SUSE-SU-2022:4306-1

Описание

Список пакетов

Container suse/manager/5.0/x86_64/server:latest

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

Image SLES15-SP4-Manager-Server-4-3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

Image SLES15-SP4-Manager-Server-4-3-BYOS

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

Image server-image

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Basesystem 15 SP4

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-42920

Описание

Затронутые продукты

Ссылки