
openSUSE-SU-2021:2612-1

Published: 05 Aug 2021
Source: suse-cvrf

Description

Security update for apache-commons-compress

This update for apache-commons-compress fixes the following issues:

  • Updated to 1.21
  • CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463)
  • CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464)
  • CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465)
  • CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466)

Package list

openSUSE Leap 15.3
apache-commons-compress-1.21-3.3.1
apache-commons-compress-javadoc-1.21-3.3.1

Description

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.


Affected products
openSUSE Leap 15.3:apache-commons-compress-1.21-3.3.1
openSUSE Leap 15.3:apache-commons-compress-javadoc-1.21-3.3.1

Description

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.


Affected products
openSUSE Leap 15.3:apache-commons-compress-1.21-3.3.1
openSUSE Leap 15.3:apache-commons-compress-javadoc-1.21-3.3.1

Description

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.


Affected products
openSUSE Leap 15.3:apache-commons-compress-1.21-3.3.1
openSUSE Leap 15.3:apache-commons-compress-javadoc-1.21-3.3.1

Description

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.


Affected products
openSUSE Leap 15.3:apache-commons-compress-1.21-3.3.1
openSUSE Leap 15.3:apache-commons-compress-javadoc-1.21-3.3.1
