
SUSE-SU-2024:4037-1

Published: 19 Nov 2024
Source: suse-cvrf

Description

Security update for bea-stax, xstream

This update for bea-stax, xstream fixes the following issues:

  • CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085).

Package list

Container bci/kiwi:latest
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
Container suse/manager/5.0/x86_64/server:latest
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
xstream-1.4.21-150200.3.28.1
Image server-image
xstream-1.4.21-150200.3.28.1
SUSE Enterprise Storage 7.1
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server 15 SP2-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server 15 SP3-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server 15 SP4-LTSS
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
SUSE Manager Proxy 4.3
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
SUSE Manager Server 4.3
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
SUSE Manager Server Module 4.3
xstream-1.4.21-150200.3.28.1
openSUSE Leap 15.5
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
xstream-benchmark-1.4.21-150200.3.28.1
xstream-javadoc-1.4.21-150200.3.28.1
xstream-parent-1.4.21-150200.3.28.1
openSUSE Leap 15.6
bea-stax-1.2.0-150200.11.3.1
bea-stax-api-1.2.0-150200.11.3.1
xstream-1.4.21-150200.3.28.1
xstream-benchmark-1.4.21-150200.3.28.1
xstream-javadoc-1.4.21-150200.3.28.1
xstream-parent-1.4.21-150200.3.28.1

Description

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.


Affected products
Container bci/kiwi:latest:bea-stax-1.2.0-150200.11.3.1
Container bci/kiwi:latest:bea-stax-api-1.2.0-150200.11.3.1
Container suse/manager/5.0/x86_64/server:latest:xstream-1.4.21-150200.3.28.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc:xstream-1.4.21-150200.3.28.1
