Описание
Security update for eclipse
This update for eclipse fixes the following issues:
- CVE-2020-27225: Authenticate active help requests to the local help web server (bsc#1183728).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
eclipse-contributor-tools-4.9.0-lp152.3.3.1
eclipse-contributor-tools-bootstrap-4.9.0-lp152.3.3.1
eclipse-equinox-osgi-4.9.0-lp152.3.3.1
eclipse-equinox-osgi-bootstrap-4.9.0-lp152.3.3.1
eclipse-jdt-4.9.0-lp152.3.3.1
eclipse-jdt-bootstrap-4.9.0-lp152.3.3.1
eclipse-p2-discovery-4.9.0-lp152.3.3.1
eclipse-p2-discovery-bootstrap-4.9.0-lp152.3.3.1
eclipse-pde-4.9.0-lp152.3.3.1
eclipse-pde-bootstrap-4.9.0-lp152.3.3.1
eclipse-platform-4.9.0-lp152.3.3.1
eclipse-platform-bootstrap-4.9.0-lp152.3.3.1
eclipse-swt-4.9.0-lp152.3.3.1
eclipse-swt-bootstrap-4.9.0-lp152.3.3.1
eclipse-tests-4.9.0-lp152.3.3.1
eclipse-tests-bootstrap-4.9.0-lp152.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0485-1
- SUSE Security Ratings
- SUSE Bug 1183728
- SUSE CVE CVE-2020-27225 page
Описание
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
Затронутые продукты
openSUSE Leap 15.2:eclipse-contributor-tools-4.9.0-lp152.3.3.1
openSUSE Leap 15.2:eclipse-contributor-tools-bootstrap-4.9.0-lp152.3.3.1
openSUSE Leap 15.2:eclipse-equinox-osgi-4.9.0-lp152.3.3.1
openSUSE Leap 15.2:eclipse-equinox-osgi-bootstrap-4.9.0-lp152.3.3.1
Ссылки
- CVE-2020-27225
- SUSE Bug 1183728