SUSE-SU-2023:1690-1

Опубликовано: 29 мар. 2023

Источник: suse-cvrf

Описание

Security update for testng

This update for testng fixes the following issues:

CVE-2022-4065: Fixed a path traversal in zip files (bsc#1205628).

Список пакетов

Container containers/apache-pulsar:3.3

testng-7.4.0-150200.3.7.1

SUSE Enterprise Storage 7

testng-7.4.0-150200.3.7.1

SUSE Enterprise Storage 7.1

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Real Time 15 SP3

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Server 15 SP2-LTSS

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Server 15 SP3-LTSS

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

testng-7.4.0-150200.3.7.1

openSUSE Leap 15.4

testng-7.4.0-150200.3.7.1

testng-javadoc-7.4.0-150200.3.7.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231690-1/
Link for SUSE-SU-2023:1690-1
https://lists.suse.com/pipermail/sle-updates/2023-March/028497.html
E-Mail link for SUSE-SU-2023:1690-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205628
SUSE Bug 1205628
https://www.suse.com/security/cve/CVE-2022-4065/
SUSE CVE CVE-2022-4065 page

Описание

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.

Затронутые продукты

Container containers/apache-pulsar:3.3:testng-7.4.0-150200.3.7.1

SUSE Enterprise Storage 7.1:testng-7.4.0-150200.3.7.1

SUSE Enterprise Storage 7:testng-7.4.0-150200.3.7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:testng-7.4.0-150200.3.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-4065.html
CVE-2022-4065
https://bugzilla.suse.com/1205628
SUSE Bug 1205628

SUSE-SU-2023:1690-1

Описание

Список пакетов

Container containers/apache-pulsar:3.3

SUSE Enterprise Storage 7

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Module for Development Tools 15 SP4

SUSE Linux Enterprise Real Time 15 SP3

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-4065

Описание

Затронутые продукты

Ссылки