openSUSE 15.5: 2024:1304-1 Moderate: Eclipse Maven-Surefire Security Fix

April 16, 2024
The latest upgrade addressing vulnerabilities for eclipse, maven-surefire, and tycho is now available for openSUSE users. Comprehensive installation guidelines are provided.

Description

This update for eclipse, maven-surefire, tycho fixes the following issues:

eclipse received the following security fix:

* CVE-2023-4218: Fixed a bug where parsing files with XML content leads to XXE attacks. (bsc#1216992)

maven-surefire was updated from version 2.22.0 to 2.22.2:

* Changes in version 2.22.2:
  * Bugs fixed:
    * Fixed JUnit Runner that writes to System.out corrupts Surefire’s STDOUT when using JUnit’s Vintage Engine

* Changes in version 2.22.1:
  * Bugs fixed:
    * Fixed Surefire unable to run testng suites in parallel
    * Fixed Git wrongly considering PNG files as changed when there is no change
    * Fixed the surefire XSD published on maven site lacking of some rerun element
    * Fixed XML Report elements rerunError, rerunFailure, flakyFailure, flakyError
    * Fixed overriding platform version through project/plugin dependencies
    * Fixed mixed up characters in standard output
    * Logs in Parallel Tests are mixed up when...



## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3

zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1304=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1304=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1304=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1304=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1304=1

* SUSE Enterprise Storage 7.1

zypper in -t patch SUSE-Storage-7.1-2024-1304=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2024-1304=1

* Development Tools Module 15-SP5

zypper in -t patch...


Package List

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * maven-surefire-2.22.2-150200.3.9.9.1
  * maven-surefire-plugin-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-junit-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-testng-2.22.2-150200.3.9.9.1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * maven-surefire-2.22.2-150200.3.9.9.1
  * maven-surefire-plugin-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-junit-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-testng-2.22.2-150200.3.9.9.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * maven-surefire-2.22.2-150200.3.9.9.1
  * maven-surefire-plugin-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-junit-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-testng-2.22.2-150200.3.9.9.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * maven-surefire-2.22.2-150200.3.9.9.1
  * maven-surefire-plugin-2.22.2-150200.3.9.9.1
  * maven-surefire-provider-junit-2.22.2-150200.3.9.9.1

*...


References

* bsc#1216992

## References:

* https://www.suse.com/security/cve/CVE-2023-4218.html

* https://bugzilla.suse.com/show_bug.cgi?id=1216992

Announcement ID: SUSE-SU-2024:1304-1
Rating: moderate
