SUSE-SU-2022:4331-1

Опубликовано: 06 дек. 2022

Источник: suse-cvrf

Описание

Security update for bcel

This update for bcel fixes the following issues:

CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

bcel-5.2-28.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

bcel-5.2-28.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224331-1/
Link for SUSE-SU-2022:4331-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013192.html
E-Mail link for SUSE-SU-2022:4331-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205125
SUSE Bug 1205125
https://www.suse.com/security/cve/CVE-2022-42920/
SUSE CVE CVE-2022-42920 page

Описание

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:bcel-5.2-28.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:bcel-5.2-28.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-42920.html
CVE-2022-42920
https://bugzilla.suse.com/1205125
SUSE Bug 1205125
https://bugzilla.suse.com/1209316
SUSE Bug 1209316

SUSE-SU-2022:4331-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2022-42920

Описание

Затронутые продукты

Ссылки