SUSE-SU-2023:4367-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234367-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:4367-1
Published
2023-11-05T16:28:40Z
Modified
2023-11-05T16:28:40Z
Summary
Security update for apache-ivy
Details

This update for apache-ivy fixes the following issues:

  • Upgrade to version 2.5.2 (bsc#1214422)
  • CVE-2022-46751: Fixed an XML External Entity injection that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to, or disturb the execution of Ivy in different ways. (bsc#1214422)
Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP4 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP5 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

openSUSE:Leap 15.4 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/opensuse/apache-ivy&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy-javadoc": "2.5.2-150200.3.9.1",
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

openSUSE:Leap 15.5 / apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/opensuse/apache-ivy&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.2-150200.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apache-ivy-javadoc": "2.5.2-150200.3.9.1",
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}