SUSE: 2024:0726-2 Critical: Apache Commons Potential Loop Vulnerability

suse

February 29, 2024

* bsc#1220068 * bsc#1220070 Cross-References: * CVE-2024-25710

Summary

## This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: * Changes in version 1.16.1: * New features: * Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: * Correct error in Base64 Javadoc * Added minimum Java version in changes.xml * Documentation update for the org.apache.commons.codec.digest.* package * Precompile regular expression in UnixCrypt.crypt(byte[], String) * Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method * Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method * Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method

Topics Covered

security advisory important threat resolution infinite loop suse linux java update apache commons

References

* bsc#1220068

* bsc#1220070

Cross-

* CVE-2024-25710

* CVE-2024-26308

CVSS scores:

* CVE-2024-25710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-25710 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-26308 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26308 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5

* Development Tools Module 15-SP5

* openSUSE Leap 15.5

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise High Performance Computing 15 SP3

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:0726-1

Rating: important

Topics Covered

security advisory important threat resolution infinite loop suse linux java update apache commons

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:0726-2 Critical: Apache Commons Potential Loop Vulnerability

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:0726-2 Critical: Apache Commons Potential Loop Vulnerability

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!