openSUSE-SU-2022:0503-1

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for xerces-j2

This update for xerces-j2 fixes the following issues:

CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).

Список пакетов

openSUSE Leap 15.3

xerces-j2-2.12.0-3.3.1

xerces-j2-demo-2.12.0-3.3.1

xerces-j2-javadoc-2.12.0-3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U7E32672AADOJILNWAAKOTVLBYTBDBKD/
E-Mail link for openSUSE-SU-2022:0503-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195108
SUSE Bug 1195108
https://www.suse.com/security/cve/CVE-2022-23437/
SUSE CVE CVE-2022-23437 page

Описание

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Затронутые продукты

openSUSE Leap 15.3:xerces-j2-2.12.0-3.3.1

openSUSE Leap 15.3:xerces-j2-demo-2.12.0-3.3.1

openSUSE Leap 15.3:xerces-j2-javadoc-2.12.0-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-23437.html
CVE-2022-23437
https://bugzilla.suse.com/1195108
SUSE Bug 1195108
https://bugzilla.suse.com/1196394
SUSE Bug 1196394

openSUSE-SU-2022:0503-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-23437

Описание

Затронутые продукты

Ссылки