Описание
Security update for apache-commons-fileupload
This update for apache-commons-fileupload fixes the following issues:
Updated to version 1.5:
- CVE-2023-24998: Added a configurable maximum number of files to upload per request (bsc#1208513).
Список пакетов
Container suse/manager/5.0/x86_64/server:latest
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
apache-commons-fileupload-1.5-150200.3.9.1
Image server-image
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Enterprise Storage 7
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Enterprise Storage 7.1
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP4
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP5
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Server 15 SP2-LTSS
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
apache-commons-fileupload-1.5-150200.3.9.1
SUSE Manager Server 4.2
apache-commons-fileupload-1.5-150200.3.9.1
openSUSE Leap 15.4
apache-commons-fileupload-1.5-150200.3.9.1
apache-commons-fileupload-javadoc-1.5-150200.3.9.1
openSUSE Leap 15.5
apache-commons-fileupload-1.5-150200.3.9.1
apache-commons-fileupload-javadoc-1.5-150200.3.9.1
Ссылки
- Link for SUSE-SU-2023:2390-1
- E-Mail link for SUSE-SU-2023:2390-1
- SUSE Security Ratings
- SUSE Bug 1208513
- SUSE CVE CVE-2023-24998 page
Описание
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Затронутые продукты
Container suse/manager/5.0/x86_64/server:latest:apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:apache-commons-fileupload-1.5-150200.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:apache-commons-fileupload-1.5-150200.3.9.1
Ссылки
- CVE-2023-24998
- SUSE Bug 1208513
- SUSE Bug 1210310
- SUSE Bug 1211608
- SUSE Bug 1228313