OESA-2023-1411

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1411
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1411.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1411
Upstream
Published
2023-07-08T11:05:30Z
Modified
2025-08-12T05:19:45.656612Z
Summary
guava20 security update
Details

Guava is a set of core libraries that includes new collection types, immutable collections, a graph library, and utilities for concurrency, I/O, hashing, primitives, strings, and more.

Security Fix(es):

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

(CVE-2023-2976)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / guava20

Package

Name
guava20
Purl
pkg:rpm/openEuler/guava20&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-11.oe1

Ecosystem specific

{
    "noarch": [
        "guava20-help-20.0-11.oe1.noarch.rpm",
        "guava20-20.0-11.oe1.noarch.rpm"
    ],
    "src": [
        "guava20-20.0-11.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / guava20

Package

Name
guava20
Purl
pkg:rpm/openEuler/guava20&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-11.oe1

Ecosystem specific

{
    "noarch": [
        "guava20-20.0-11.oe1.noarch.rpm",
        "guava20-help-20.0-11.oe1.noarch.rpm"
    ],
    "src": [
        "guava20-20.0-11.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / guava20

Package

Name
guava20
Purl
pkg:rpm/openEuler/guava20&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-11.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "guava20-20.0-11.oe2203.noarch.rpm",
        "guava20-help-20.0-11.oe2203.noarch.rpm",
        "guava20-help-20.0-11.oe2203sp1.noarch.rpm",
        "guava20-20.0-11.oe2203sp1.noarch.rpm",
        "guava20-help-20.0-11.oe2203sp2.noarch.rpm",
        "guava20-20.0-11.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "guava20-20.0-11.oe2203.src.rpm",
        "guava20-20.0-11.oe2203sp1.src.rpm",
        "guava20-20.0-11.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / guava20

Package

Name
guava20
Purl
pkg:rpm/openEuler/guava20&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-11.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "guava20-help-20.0-11.oe2203sp1.noarch.rpm",
        "guava20-20.0-11.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "guava20-20.0-11.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / guava20

Package

Name
guava20
Purl
pkg:rpm/openEuler/guava20&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.0-11.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "guava20-help-20.0-11.oe2203sp2.noarch.rpm",
        "guava20-20.0-11.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "guava20-20.0-11.oe2203sp2.src.rpm"
    ]
}