SUSE-SU-2024:0806-1

Опубликовано: 07 мар. 2024

Источник: suse-cvrf

Описание

Security update for google-oauth-java-client

This update for google-oauth-java-client fixes the following issues:

CVE-2021-22573: Fixed token signature not verified (bsc#1199188).

Список пакетов

openSUSE Leap 15.5

google-oauth-java-client-1.22.0-150200.3.7.1

google-oauth-java-client-java6-1.22.0-150200.3.7.1

google-oauth-java-client-javadoc-1.22.0-150200.3.7.1

google-oauth-java-client-parent-1.22.0-150200.3.7.1

google-oauth-java-client-servlet-1.22.0-150200.3.7.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240806-1/
Link for SUSE-SU-2024:0806-1
https://lists.suse.com/pipermail/sle-updates/2024-March/034574.html
E-Mail link for SUSE-SU-2024:0806-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199188
SUSE Bug 1199188
https://www.suse.com/security/cve/CVE-2021-22573/
SUSE CVE CVE-2021-22573 page

Описание

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above

Затронутые продукты

openSUSE Leap 15.5:google-oauth-java-client-1.22.0-150200.3.7.1

openSUSE Leap 15.5:google-oauth-java-client-java6-1.22.0-150200.3.7.1

openSUSE Leap 15.5:google-oauth-java-client-javadoc-1.22.0-150200.3.7.1

openSUSE Leap 15.5:google-oauth-java-client-parent-1.22.0-150200.3.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-22573.html
CVE-2021-22573
https://bugzilla.suse.com/1199188
SUSE Bug 1199188

SUSE-SU-2024:0806-1

Описание

Список пакетов

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2021-22573

Описание

Затронутые продукты

Ссылки