SUSE: 2022:3310-1 moderate: tika-core | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

   SUSE Security Update: Security update for tika-core
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3310-1
Rating:             moderate
References:         #1199604 #1200283 #1201217 
Cross-References:   CVE-2022-30126 CVE-2022-30973 CVE-2022-33879
                   
CVSS scores:
                    CVE-2022-30126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-30126 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-30973 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-30973 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-33879 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-33879 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for tika-core fixes the following issues:

   - CVE-2022-33879: Incomplete fix and new regex DoS in
     StandardsExtractingContentHandler. (bsc#1201217)
   - CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in
     Standards Extractor. (bsc#1199604, bsc#1200283)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3310=1



Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

      tika-core-1.26-150300.4.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-30126.html
   https://www.suse.com/security/cve/CVE-2022-30973.html
   https://www.suse.com/security/cve/CVE-2022-33879.html
   https://bugzilla.suse.com/1199604
   https://bugzilla.suse.com/1200283
   https://bugzilla.suse.com/1201217

SUSE: 2022:3310-1 moderate: tika-core

September 19, 2022
An update that fixes three vulnerabilities is now available

Summary

This update for tika-core fixes the following issues: - CVE-2022-33879: Incomplete fix and new regex DoS in StandardsExtractingContentHandler. (bsc#1201217) - CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in Standards Extractor. (bsc#1199604, bsc#1200283) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3310=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): tika-core-1.26-150300.4.3.1

References

#1199604 #1200283 #1201217

Cross- CVE-2022-30126 CVE-2022-30973 CVE-2022-33879

CVSS scores:

CVE-2022-30126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-30126 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30973 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-30973 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-33879 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-33879 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.2

SUSE Manager Server 4.2

https://www.suse.com/security/cve/CVE-2022-30126.html

https://www.suse.com/security/cve/CVE-2022-30973.html

https://www.suse.com/security/cve/CVE-2022-33879.html

https://bugzilla.suse.com/1199604

https://bugzilla.suse.com/1200283

https://bugzilla.suse.com/1201217

Severity
Announcement ID: SUSE-SU-2022:3310-1
Rating: moderate

News

Advisories

HOWTOs

Features

History of Malware on Linux and What's Being Done to Stop It
A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy