OESA-2023-1412

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1412
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1412.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1412
Upstream
Published
2023-07-08T11:05:30Z
Modified
2025-08-12T05:19:46.218017Z
Summary
guava security update
Details

Guava is a set of core Java libraries from Google that includes new collection types (such as multimap and multiset), immutable collections, a graph library, and utilities for concurrency, I/O, hashing, caching, primitives, strings, and more. It is widely used in most Java projects within Google and by many other companies as well.

Security Fix(es):

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

(CVE-2023-2976)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-6.oe1

Ecosystem specific

{
    "noarch": [
        "guava-25.0-6.oe1.noarch.rpm",
        "guava-testlib-25.0-6.oe1.noarch.rpm",
        "guava-help-25.0-6.oe1.noarch.rpm"
    ],
    "src": [
        "guava-25.0-6.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-6.oe1

Ecosystem specific

{
    "noarch": [
        "guava-testlib-25.0-6.oe1.noarch.rpm",
        "guava-help-25.0-6.oe1.noarch.rpm",
        "guava-25.0-6.oe1.noarch.rpm"
    ],
    "src": [
        "guava-25.0-6.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-6.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "guava-help-25.0-6.oe2203.noarch.rpm",
        "guava-25.0-6.oe2203.noarch.rpm",
        "guava-testlib-25.0-6.oe2203.noarch.rpm",
        "guava-help-25.0-6.oe2203sp1.noarch.rpm",
        "guava-25.0-6.oe2203sp1.noarch.rpm",
        "guava-testlib-25.0-6.oe2203sp1.noarch.rpm",
        "guava-testlib-25.0-6.oe2203sp2.noarch.rpm",
        "guava-25.0-6.oe2203sp2.noarch.rpm",
        "guava-help-25.0-6.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "guava-25.0-6.oe2203.src.rpm",
        "guava-25.0-6.oe2203sp1.src.rpm",
        "guava-25.0-6.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-6.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "guava-help-25.0-6.oe2203sp1.noarch.rpm",
        "guava-25.0-6.oe2203sp1.noarch.rpm",
        "guava-testlib-25.0-6.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "guava-25.0-6.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-6.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "guava-testlib-25.0-6.oe2203sp2.noarch.rpm",
        "guava-25.0-6.oe2203sp2.noarch.rpm",
        "guava-help-25.0-6.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "guava-25.0-6.oe2203sp2.src.rpm"
    ]
}