OESA-2022-1977

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1977

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1977.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-1977

Upstream

CVE-2022-34169

Published

2022-09-30T11:04:23Z

Modified

2025-08-12T05:14:13.838602Z

Summary

bcel security update

Details

The Byte Code Engineering Library (formerly known as JavaClass) is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class).

Security Fix(es):

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / bcel

Package

Name: bcel
Purl: pkg:rpm/openEuler/bcel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2-5.oe1

Ecosystem specific

{
    "src": [
        "bcel-6.2-5.oe1.src.rpm"
    ],
    "noarch": [
        "bcel-6.2-5.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / bcel

Package

Name: bcel
Purl: pkg:rpm/openEuler/bcel&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2-5.oe1

Ecosystem specific

{
    "src": [
        "bcel-6.2-5.oe1.src.rpm"
    ],
    "noarch": [
        "bcel-6.2-5.oe1.noarch.rpm"
    ]
}

openEuler:22.03-LTS / bcel

Package

Name: bcel
Purl: pkg:rpm/openEuler/bcel&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1-2.oe2203

Ecosystem specific

{
    "src": [
        "bcel-6.4.1-2.oe2203.src.rpm"
    ],
    "noarch": [
        "bcel-6.4.1-2.oe2203.noarch.rpm"
    ]
}