Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
89
security advisoryhigh severityfedoraFedora 40: FEDORA-2024-129d8ca6fc High: jdom2 Type Confusion Issues
Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : jdom2 Product : Fedora 40 Version : 2.0.6.1 Release : 7.fc40 URL : http://www.jdom.org/ Summary : Java manipulation of XML made easy Description : JDOM is a Java-oriented object model which models XML documents. It provides a Java-centric means of generating and manipulating XML documents. While JDOM inter-operates well with existing standards such as the Simple API for XML (SAX) and the Document Object Model (DOM), it is not an abstraction layer or enhancement to those APIs. Rather, it seeks to provide a robust, light-weight means of reading and writing XML data without the complex and memory-consumptive options that current API offerings provide. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 2.0.6.1-7 - Rebuilt for java-21-openjdk as system jdk * Tue Feb 20 2024 Marian Koncek - 2.0.6.1-6 - Update Java source/target to 1.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 -directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 07, 2024
Fedora
89
security advisorycriticalFedoraFedora 35 FEDORA-2021-3cb0d02576 Critical DoS Threat for jdom2
Resolves CVE-2021-33813 security vulnerability. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-3cb0d02576 2021-10-29 22:48:33.392887 --------------------------------------------------------------------------------Name : jdom2 Product : Fedora 35 Version : 2.0.6 Release : 24.fc35 URL : http://www.jdom.org/ Summary : Java manipulation of XML made easy Description : JDOM is a Java-oriented object model which models XML documents. It provides a Java-centric means of generating and manipulating XML documents. While JDOM inter-operates well with existing standards such as the Simple API for XML (SAX) and the Document Object Model (DOM), it is not an abstraction layer or enhancement to those APIs. Rather, it seeks to provide a robust, light-weight means of reading and writing XML data without the complex and memory-consumptive options that current API offerings provide. --------------------------------------------------------------------------------Update Information: Resolves CVE-2021-33813 security vulnerability --------------------------------------------------------------------------------ChangeLog: * Thu Oct 14 2021 Mikolaj Izdebski - 2.0.6-24 - Add patches to address DoS security vulnerability - Resolves: CVE-2021-33813 --------------------------------------------------------------------------------References: [ 1 ] Bug #1973414 - CVE-2021-33813 jdom2: jdom: XXE allows attackers to cause a DoS via a crafted HTTP request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1973414 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3cb0d02576' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 29, 2021
•Critical
Fedora
202
security advisorysecurity issueDoSopenSUSE Leap 15.2: 2021:1031-1 Important jdom2 DoS Advisory
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for jdom2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1031-1 Rating: important References: #1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1031=1 Package List: - openSUSE Leap 15.2 (noarch): jdom2-2.0.6-lp152.2.3.1 jdom2-javadoc-2.0.6-lp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2021-33813.html https://bugzilla.suse.com/1187446 . This critical announcement addresses a vulnerability in json-lib for Fedora, boosting protection with streamlined upgrade steps.. openSUSE,jdom2,security update,denial of service,important. . Severity: Important. LinuxSecurity.com Team
Jul 13, 2021
•Important
OpenSUSE
100
security advisorydenial of servicesecurity updateSUSE: 2021:2293-1 Important: jdom2 Denial Of Service Threat
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for jdom2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2293-1 Rating: important References: #1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2293=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2293=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jdom2-2.0.6-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): jdom2-2.0.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-33813.html https://bugzilla.suse.com/1187446 . A critical security patch has been released for jdom2 which resolves a significant denial of service vulnerability found in SUSE Linux development utilities.. SUSE Linux,Development Tools, jdom2 Update, Security Patch. . Severity: Important. LinuxSecurity.com Team
Jul 12, 2021
•Important
SuSE
202
security advisorydenial of servicesecurity updateopenSUSE 15.3: 2021:2293-1 Important: jdom2 Denial Of Service
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for jdom2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:2293-1 Rating: important References: #1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2293=1 Package List: - openSUSE Leap 15.3 (noarch): jdom2-2.0.6-3.3.1 jdom2-javadoc-2.0.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-33813.html https://bugzilla.suse.com/1187446 . A fresh update for jdom2 on openSUSE addresses a critical denial of service vulnerability listed under CVE-2021-33813.. openSUSE Security Update,jdom2 patch,CVE-2021-33813,denial of service fix. . Severity: Important. LinuxSecurity.com Team
Jul 12, 2021
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!