
SUSE-SU-2023:2843-1

Published: 17 Jul 2023
Source: suse-cvrf

Description

Security update for bouncycastle

This update for bouncycastle fixes the following issues:

  • CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server (bsc#1212508).

Package list

Container containers/apache-pulsar:3.3
bouncycastle-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Enterprise Storage 7
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Enterprise Storage 7.1
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Real Time 15 SP3
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Server 15 SP2-LTSS
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Server 15 SP3-LTSS
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
bouncycastle-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
openSUSE Leap 15.4
bouncycastle-1.74-150200.3.21.1
bouncycastle-javadoc-1.74-150200.3.21.1
bouncycastle-mail-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-tls-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1
openSUSE Leap 15.5
bouncycastle-1.74-150200.3.21.1
bouncycastle-javadoc-1.74-150200.3.21.1
bouncycastle-jmail-1.74-150200.3.21.1
bouncycastle-mail-1.74-150200.3.21.1
bouncycastle-pg-1.74-150200.3.21.1
bouncycastle-pkix-1.74-150200.3.21.1
bouncycastle-tls-1.74-150200.3.21.1
bouncycastle-util-1.74-150200.3.21.1

Description

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.


Affected products
Container containers/apache-pulsar:3.3:bouncycastle-1.74-150200.3.21.1
Container containers/apache-pulsar:3.3:bouncycastle-pkix-1.74-150200.3.21.1
Container containers/apache-pulsar:3.3:bouncycastle-util-1.74-150200.3.21.1
SUSE Enterprise Storage 7.1:bouncycastle-1.74-150200.3.21.1

References