Описание
Security update for apache-commons-io
This update for apache-commons-io fixes the following issues:
Upgrade to 2.17.0:
- CVE-2024-47554: Fixed untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)
Other changes:
Список пакетов
SUSE Linux Enterprise Server 12 SP5
apache-commons-io-2.17.0-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache-commons-io-2.17.0-11.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
apache-commons-io-2.17.0-11.3.1
Ссылки
- Link for SUSE-SU-2024:3596-1
- E-Mail link for SUSE-SU-2024:3596-1
- SUSE Security Ratings
- SUSE Bug 1231298
- SUSE CVE CVE-2024-47554 page
Описание
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.17.0-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.17.0-11.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.17.0-11.3.1
Ссылки
- CVE-2024-47554
- SUSE Bug 1231298