==========================================================================
Ubuntu Security Notice USN-7208-1
January 16, 2025

bcel vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Apache Commons BCEL could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- bcel: Analyze, create, and manipulate (binary) Java class files

Details:

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled
parameters due to a memory issue. An attacker supplying malicious input
could exploit this to generate and execute arbitrary bytecode.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libbcel-java                    6.5.0-1ubuntu0.1

Ubuntu 20.04 LTS
  libbcel-java                    6.4.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libbcel-java                    6.2-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libbcel-java                    6.0~rc3-2ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7208-1
  CVE-2022-42920

Package Information:
  https://launchpad.net/ubuntu/+source/bcel/6.5.0-1ubuntu0.1
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bcel security update
Advisory ID:       RHSA-2023:0004-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0004
Issue date:        2023-01-02
CVE Names:         CVE-2022-42920
====================================================================

1. Summary:

An update for bcel is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give
users a convenient way to analyze, create, and manipulate (binary) Java
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:
bcel-6.4.1-9.el9_0.src.rpm

noarch:
bcel-6.4.1-9.el9_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bcel security update
Advisory ID:       RHSA-2023:0005-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0005
Issue date:        2023-01-02
CVE Names:         CVE-2022-42920
====================================================================

1. Summary:

An update for bcel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give
users a convenient way to analyze, create, and manipulate (binary) Java
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
bcel-6.4.1-9.el9_1.src.rpm

noarch:
bcel-6.4.1-9.el9_1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
Oracle Linux Security Advisory ELSA-2022-8958

https://linux.oracle.com/errata/ELSA-2022-8958.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bcel-5.2-19.el7_9.noarch.rpm
bcel-javadoc-5.2-19.el7_9.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/bcel-5.2-19.el7_9.src.rpm

Related CVEs:

CVE-2022-42920

Description of changes:

[0:5.2-19]
- Fix arbitrary bytecode produced via out-of-bounds writing
- Resolves: CVE-2022-42920
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f60a52e054
2022-12-11 01:46:58.698227
--------------------------------------------------------------------------------
Name        : bcel
Product     : Fedora 35
Version     : 6.4.1
Release     : 10.fc35
URL         : https://commons.apache.org/proper/commons-bcel/
Summary     : Byte Code Engineering Library
Description :
The Byte Code Engineering Library (formerly known as JavaClass) is intended
to give users a convenient possibility to analyze, create, and manipulate
(binary) Java class files (those ending with .class). Classes are
represented by objects which contain all the symbolic information of the
given class: methods, fields and byte code instructions, in particular.
Such objects can be read from an existing file, be transformed by a program
(e.g. a class loader at run-time) and dumped to a file again. An even more
interesting application is the creation of classes from scratch at
run-time. The Byte Code Engineering Library (BCEL) may also be useful if
you want to learn about the Java Virtual Machine (JVM) and the format of
Java .class files. BCEL is already being used successfully in several
projects such as compilers, optimizers, obfuscators and analysis tools, the
most popular probably being the Xalan XSLT processor at Apache.
--------------------------------------------------------------------------------
Update Information:

Security fix: CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode
produced via out-of-bounds writing
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  1 2022 Mikolaj Izdebski - 6.4.1-10
- Fix arbitrary bytecode produced via out-of-bounds writing
- Resolves: CVE-2022-42920
* Sat Feb  5 2022 Jiri Vanek - 6.4.1-9
- Rebuilt for java-17-openjdk as systemjdk
* Wed Jan 19 2022 Fedora Release Engineering - 6.4.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2142727 - CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [fedora-35]
        https://bugzilla.redhat.com/show_bug.cgi?id=2142727
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f60a52e054' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-0e358addb8
2022-12-11 01:39:26.469686
--------------------------------------------------------------------------------
Name        : bcel
Product     : Fedora 36
Version     : 6.4.1
Release     : 10.fc36
URL         : https://commons.apache.org/proper/commons-bcel/
Summary     : Byte Code Engineering Library
--------------------------------------------------------------------------------
Update Information:

Security fix: CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode
produced via out-of-bounds writing
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  1 2022 Mikolaj Izdebski - 6.4.1-10
- Fix arbitrary bytecode produced via out-of-bounds writing
- Resolves: CVE-2022-42920
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2142728 - CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [fedora-36]
        https://bugzilla.redhat.com/show_bug.cgi?id=2142728
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0e358addb8' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-01a56f581c
2022-12-11 01:24:18.453204
--------------------------------------------------------------------------------
Name        : bcel
Product     : Fedora 37
Version     : 6.5.0
Release     : 3.fc37
URL         : https://commons.apache.org/proper/commons-bcel/
Summary     : Byte Code Engineering Library
--------------------------------------------------------------------------------
Update Information:

Security fix: CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode
produced via out-of-bounds writing
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  1 2022 Mikolaj Izdebski - 6.5.0-3
- Fix arbitrary bytecode produced via out-of-bounds writing
- Resolves: CVE-2022-42920
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2143514 - CVE-2022-42920 bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [fedora-37]
        https://bugzilla.redhat.com/show_bug.cgi?id=2143514
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-01a56f581c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
SUSE Security Update: Security update for bcel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4331-1
Rating:             moderate
References:         #1205125
Cross-References:   CVE-2022-42920
CVSS scores:
                    CVE-2022-42920 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42920 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bcel fixes the following issues:

- CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds
  writing (bsc#1205125).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4331=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (noarch):

  bcel-5.2-28.3.1

References:

https://www.suse.com/security/cve/CVE-2022-42920.html
https://bugzilla.suse.com/1205125
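Each advisory above names the package version that carries the CVE-2022-42920 fix for its release. The following added example, which is not code from any of the distributors, compares an installed bcel version against those fixed versions with a simplified rpmvercmp-style ordering and flags the hosts in a constructed inventory that are still below the fix. The release labels, the inventory line format and the omission of epochs are assumptions of the example.

```python
import re

# Fixed versions quoted in the advisories on this page; the release keys are
# lookup labels chosen for this example, not distributor identifiers.
FIXED_VERSIONS = {
    "ubuntu-22.04": "6.5.0-1ubuntu0.1",      "ubuntu-20.04": "6.4.1-1ubuntu0.1~esm1",
    "ubuntu-18.04": "6.2-1ubuntu0.1~esm1",   "ubuntu-16.04": "6.0~rc3-2ubuntu1+esm1",
    "rhel-9.0-eus": "6.4.1-9.el9_0",         "rhel-9": "6.4.1-9.el9_1",
    "oracle-linux-7": "5.2-19.el7_9",        "sles-12-sp5": "5.2-28.3.1",
    "fedora-35": "6.4.1-10.fc35",            "fedora-36": "6.4.1-10.fc36",
    "fedora-37": "6.5.0-3.fc37",
}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")  # '.', '_', '+' act as separators

def _split(v):
    parts = v.rsplit("-", 1)               # ['upstream', 'release']
    return parts if len(parts) == 2 else [v, ""]

def compare_versions(a, b):
    """Simplified rpmvercmp-style ordering (epochs not handled): upstream
    version first, then release; digit runs compare numerically, letter runs
    lexically, digits beat letters, and '~' sorts below even end of string."""
    for part_a, part_b in zip(_split(a), _split(b)):
        sa, sb = _SEGMENT.findall(part_a), _SEGMENT.findall(part_b)
        for i in range(max(len(sa), len(sb))):
            x = sa[i] if i < len(sa) else None
            y = sb[i] if i < len(sb) else None
            if x == y:
                continue
            if x == "~" or y == "~":           # tilde is lowest (pre-release)
                return -1 if x == "~" else 1
            if x is None or y is None:         # shorter string is older
                return -1 if x is None else 1
            if x.isdigit() and y.isdigit():
                x, y = int(x), int(y)
            elif x.isdigit() != y.isdigit():
                return 1 if x.isdigit() else -1
            if x != y:
                return (x > y) - (x < y)
    return 0

def is_patched(release, installed):
    """True when the installed bcel is at or above the advisory's fixed version."""
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0

# Constructed inventory for the example: "host release package version".
SAMPLE_INVENTORY = """\
web01    ubuntu-22.04 libbcel-java 6.5.0-1
app01    rhel-9       bcel         6.4.1-9.el9_1
build01  fedora-35    bcel         6.4.1-9.fc35
legacy01 ubuntu-16.04 libbcel-java 6.0~rc3-2ubuntu1
"""

def audit(inventory):
    """Return (host, installed, fixed) for each host still below the fix."""
    rows = [line.split() for line in inventory.splitlines()]
    return [(host, ver, FIXED_VERSIONS[rel]) for host, rel, _pkg, ver in rows
            if not is_patched(rel, ver)]
```

On a real host the version column would come from `dpkg-query -W libbcel-java` or `rpm -q bcel`; a fixed build on a different stream (for example an el9_0 build audited against the RHEL 9 key) is reported as below the fix, so the release label must match the stream the host actually tracks.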