Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:3397-1 Important Update for Snakeyaml Denial Of Service Threats

suse
Calendar Grey September 26, 2022
Dist Suse Esm H88
SUSE releases enhancements for snakeyaml, tackling 6 critical vulnerabilities along with guidance for implementing the security fix. Discover the details.
An update that fixes 6 vulnerabilities is now available

Summary

This update for snakeyaml fixes the following issues: - CVE-2022-38750: Fixed uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (bsc#1203158). - CVE-2022-38749: Fixed StackOverflowError for many open unmatched brackets (bsc#1203149). - CVE-2022-38752: Fixed uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154). - CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions (bsc#1203153). - CVE-2022-25857: Fixed denial of service vulnerability due missing to nested depth limitation for collections (bsc#1202932). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory denial of service software update important SUSE Linux patch instructions snakeyaml

References

#1202932 #1203149 #1203153 #1203154 #1203158

Cross- CVE-2020-13936 CVE-2022-25857 CVE-2022-38749

CVE-2022-38750 CVE-2022-38751 CVE-2022-38752

CVSS scores:

CVE-2020-13936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-13936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-25857 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-25857 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38749 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-38750 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-38750 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3397-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service software update important SUSE Linux patch instructions snakeyaml

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here