Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 40: Critical Advisory for Apache Commons Stack Overflow Errors

fedora
Calendar Grey March 29, 2024
Dist Fedora Esm H88
News for Fedora: critical updates issued for apache-commons-configuration to rectify stack overflow issues. Essential patches have been integrated.
This update contains security fixes for CVE-2024-29131 and CVE-2024-29133

Summary

The Commons Configuration software library provides a generic

configuration interface which enables a Java application to read

configuration data from a variety of sources. Commons Configuration

provides typed access to single, and multi-valued configuration

parameters as demonstrated by the following code:

Double double = config.getDouble("number");

Integer integer = config.getInteger("number");

Configuration parameters may be loaded from the following sources:

- Properties files

- XML documents

- Windows INI files

- Property list files (plist)

- JNDI

- JDBC Datasource

- System properties

- Applet parameters

- Servlet parameters

Configuration objects are created using configuration builders.

Different configuration sources can be mixed using a

CombinedConfigurationBuilder and a CombinedConfiguration. Additional

sources of configuration parameters can be created by using custom

configuration objects. This customization can be achieved by extending

AbstractConfiguration or AbstractHierarchicalConfiguration.

%javadoc_package

Update Information:

This update contains security fixes for CVE-2024-29131 and CVE-2024-29133. See NOTES.txt for changes in versions 2.10.0 and 2.10.1.

Topics%20covered

Topics Covered

security advisory critical software update Fedora security fix configuration issue Apache Commons stack overflow error apache-commons-configuration

Change Log

* Thu Mar 21 2024 Jerry James - 2.10.1-1 - Version 2.10.1 (CVE-2024-29131, CVE-2024-29133) * Wed Mar 13 2024 Jerry James - 2.10.0-1 - Version 2.10.0

References


[ 1 ] Bug #2270673 - CVE-2024-29133 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree https://bugzilla.redhat.com/show_bug.cgi?id=2270673 [ 2 ] Bug #2270674 - CVE-2024-29131 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() https://bugzilla.redhat.com/show_bug.cgi?id=2270674

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c673517dce' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: apache-commons-configuration
Product: Fedora 40
Version: 2.10.1
Release: 1.fc40
URL: https://commons.apache.org/proper/commons-configuration/
Summary: Read configuration data from a variety of sources

Topics%20covered

Topics Covered

security advisory critical software update Fedora security fix configuration issue Apache Commons stack overflow error apache-commons-configuration

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here