SUSE-SU-2022:3560-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3560-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:3560-1
- Related
- Published
- 2022-10-11T07:43:48Z
- Modified
- 2022-10-11T07:43:48Z
- Summary
- Security update for snakeyaml
- Details
-
This update for snakeyaml fixes the following issues:
snakeyaml was upgraded to version 1.31:
- CVE-2022-25857: Fixed DoS due missing to nested depth limitation for collections (bsc#1202932).
- CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932).
- CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153).
- CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).
- CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158).
- CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20223560-1/
- https://bugzilla.suse.com/1183360
- https://bugzilla.suse.com/1202932
- https://bugzilla.suse.com/1203149
- https://bugzilla.suse.com/1203153
- https://bugzilla.suse.com/1203154
- https://bugzilla.suse.com/1203158
- https://www.suse.com/security/cve/CVE-2020-13936
- https://www.suse.com/security/cve/CVE-2022-25857
- https://www.suse.com/security/cve/CVE-2022-38749
- https://www.suse.com/security/cve/CVE-2022-38750
- https://www.suse.com/security/cve/CVE-2022-38751
- https://www.suse.com/security/cve/CVE-2022-38752