Description
Security update for janino
This update for janino fixes the following issues:
janino was upgraded to version 3.1.10:
- CVE-2023-33546: Fixed DoS due to missing error handling (bsc#1211923).
Package list
openSUSE Leap 15.4
commons-compiler-3.1.10-150200.3.7.1
janino-3.1.10-150200.3.7.1
janino-javadoc-3.1.10-150200.3.7.1
openSUSE Leap 15.5
commons-compiler-3.1.10-150200.3.7.1
commons-compiler-jdk-3.1.10-150200.3.7.1
janino-3.1.10-150200.3.7.1
janino-javadoc-3.1.10-150200.3.7.1
References
- Link for SUSE-SU-2023:3385-1
- E-Mail link for SUSE-SU-2023:3385-1
- SUSE Security Ratings
- SUSE Bug 1211923
- SUSE CVE CVE-2023-33546 page
Description
** DISPUTED ** Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.
Affected products
openSUSE Leap 15.4:commons-compiler-3.1.10-150200.3.7.1
openSUSE Leap 15.4:janino-3.1.10-150200.3.7.1
openSUSE Leap 15.4:janino-javadoc-3.1.10-150200.3.7.1
openSUSE Leap 15.5:commons-compiler-3.1.10-150200.3.7.1
References
- CVE-2023-33546
- SUSE Bug 1211923