Description
Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:
xmlgraphics-fop was updated from version 2.8 to 2.10:
Security issues fixed:
- CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
Upstream changes and bugs fixed:
Version 2.10:
- footnote-body ignores rl-tb writing mode
- SVG tspan content is displayed out of place
- Added new schema to handle pdf/a and pdfa/ua
- Correct fop version at runtime
- NoSuchElementException when using font with no family name
- Resolve classpath for binary distribution
- Switch to spotbugs
- Set an automatic module name
- Rename packages to avoid conflicts with modules
- Resize table only for multicolumn page
- Missing jars in servlet
- Optimise performance of PNG with alpha using raw loader
- basic-link not navigating to corresponding footnote
- Added option to sign PDF
- Added secure processing for XSL input
- Allow sections which need security permissions to be run when AllPermission denied in caller code
- Remove unused PDFStructElem
- Remove space generated by fo:wrapper
- Reset content length for table changing ipd
- Added alt text to PDF signature
- Allow change of resource level for SVG in AFP
- Exclude shape not in clipping path for AFP
- Only support 1 column for redo of layout without page pos only
- Switch to Jakarta servlet API
- NPE when list item is split alongside an ipd change
- Added mandatory MODCA triplet to AFP
- Redo layout for multipage columns
- Added image mask option for AFP
- Skip written block ipds inside float
- Allow curly braces for src url
- Missing content for last page with change ipd
- Added warning when different pdf languages are used
- Only restart line manager when there is a linebreak for blocklayout
Version 2.9:
- Values in PDF Number Trees must be indirect references
- Do not delete files on syntax errors using command line
- Surrogate pair edge-case causes Exception
- Reset character spacing
- SVG text containing certain glyphs isn't rendered
- Remove duplicate classes from maven classpath
- Allow use of page position only on redo of layout
- Failure to render multi-block itemBody alongside float
- Update to PDFBox 2.0.27
- NPE if link destination is missing with accessibility
- Make property cache thread safe
- Font size was rounded to 0 for AFP TTF
- Cannot process a SVG using mvn jars
- Remove serializer jar
- Allow creating a PDF 2.0 document
- Text missing after page break inside table inline
- IllegalArgumentException for list in a table
- Table width may be too wide when layout width changes
- NPE when using broken link and PDF 1.5
- Allow XMP at PDF page level
- Symbol font was not being mapped to unicode
- Correct font differences table for Chrome
- Link against Java 8 API
- Added support for font-selection-strategy=character-by-character
- Merge form fields in external PDFs
- Fixed test for Java 11
xmlgraphics-batik was updated from version 1.17 to 1.18:
- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing Arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration
xmlgraphics-commons was updated from version 2.8 to 2.10:
- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry
javapackages-tools was updated from version 6.3.0 to 6.3.4:
Version 6.3.4:
- A corner case when which is not present
- Remove dependency on which
- Simplify after the which -> type -p change
- jpackage_script: Remove pointless assignment when %java_home is unset
- Don't export JAVA_HOME (bsc#1231347)
Version 6.3.2:
- Search for JAVACMD under JAVA_HOME only if it's set
- Obsolete set_jvm and set_jvm_dirs functions
- Drop unneeded _set_java_home function
- Remove JAVA_HOME check from check_java_env function
- Bump codecov/codecov-action from 2.0.2 to 4.6.0
- Bump actions/setup-python from 4 to 5
- Bump actions/checkout from 2 to 4
- Added custom dependabot config
- Remove the test for JAVA_HOME and error if it is not set
- java-functions: Remove unneeded local variables
- Fixed build status shield
Version 6.3.1:
- Allow missing components with abs2rel
- Fixed tests with python 3.4
- Sync spec file from Fedora
- Drop default JRE/JDK
- Fixed the use of java-functions in scripts
- Test that we don't bomb on
- Test variable expansion in artifactId
- Interpolate properties also in the current artifact
- Rewrite abs2rel in shell
- Use asciidoctor instead of asciidoc
- Fixed incompatibility with RPM 4.20
- Reproducible exclusions order in maven metadata
- Do not bomb on construct
- Make maven_depmap order of aliases reproducible
Package list
Container bci/kiwi:latest
Container bci/openjdk-devel:11
Container bci/openjdk-devel:17
Container bci/openjdk-devel:latest
Container bci/openjdk:11
Container bci/openjdk:17
Container bci/openjdk:latest
Container containers/apache-pulsar:3.3
Container containers/apache-tomcat:10.1-openjdk11
Container containers/apache-tomcat:10.1-openjdk17
Container containers/apache-tomcat:10.1-openjdk21
Container containers/apache-tomcat:9-openjdk11
Container containers/apache-tomcat:9-openjdk17
Container containers/apache-tomcat:9-openjdk21
Container containers/apache-tomcat:9-openjdk8
Container suse/manager/5.0/x86_64/server-attestation:latest
Container suse/manager/5.0/x86_64/server:latest
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAPCAL-Azure
Image SLES15-SP3-SAPCAL-EC2-HVM
Image SLES15-SP3-SAPCAL-GCE
Image SLES15-SP4-Manager-Server-4-3
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
Image SLES15-SP4-Manager-Server-4-3-BYOS
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
Image SLES15-SP4-SAP
Image SLES15-SP4-SAP-Azure
Image SLES15-SP4-SAP-Azure-LI-BYOS
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
Image SLES15-SP4-SAP-Azure-VLI-BYOS
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP4-SAP-EC2
Image SLES15-SP4-SAP-GCE
Image SLES15-SP4-SAPCAL
Image SLES15-SP4-SAPCAL-Azure
Image SLES15-SP4-SAPCAL-EC2
Image SLES15-SP4-SAPCAL-GCE
Image SLES15-SP5-SAP-Azure-LI-BYOS
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
Image SLES15-SP5-SAP-Azure-VLI-BYOS
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP5-SAPCAL-Azure
Image SLES15-SP5-SAPCAL-EC2
Image SLES15-SP5-SAPCAL-GCE
Image SLES15-SP6-SAP
Image SLES15-SP6-SAP-Azure
Image SLES15-SP6-SAP-Azure-LI-BYOS
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
Image SLES15-SP6-SAP-Azure-VLI-BYOS
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP6-SAP-EC2
Image SLES15-SP6-SAP-GCE
Image SLES15-SP6-SAPCAL
Image SLES15-SP6-SAPCAL-Azure
Image SLES15-SP6-SAPCAL-EC2
Image SLES15-SP6-SAPCAL-GCE
Image server-attestation-image
Image server-image
Image tomcat_15_6
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.5
openSUSE Leap 15.6
References
- Link for SUSE-SU-2024:4054-1
- E-Mail link for SUSE-SU-2024:4054-1
- SUSE Security Ratings
- SUSE Bug 1231347
- SUSE Bug 1231428
- SUSE CVE CVE-2024-28168 page
Description
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
Affected products
References
- CVE-2024-28168
- SUSE Bug 1231428