Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45490 (GCVE-0-2024-45490)
Vulnerability from cvelistv5 – Published: 2024-08-30 00:00 – Updated: 2026-05-12 11:57
VLAI
EPSS
Summary
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
11 references
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat_project | libexpat |
Affected:
0 , < 2.6.3
(custom)
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libexpat",
"vendor": "libexpat_project",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:17:03.200505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T19:07:39.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:15:47.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0004/"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/12"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/10"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/8"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/7"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Dec/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:57:31.663Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T02:10:04.584Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/890"
},
{
"url": "https://github.com/libexpat/libexpat/issues/887"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45490",
"datePublished": "2024-08-30T00:00:00.000Z",
"dateReserved": "2024-08-30T00:00:00.000Z",
"dateUpdated": "2026-05-12T11:57:31.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45490",
"date": "2026-06-03",
"epss": "0.00613",
"percentile": "0.70204"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45490\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-08-30T03:15:03.757\",\"lastModified\":\"2026-05-12T12:17:10.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en libexpat anterior a 2.6.3. xmlparse.c no rechaza una longitud negativa para XML_ParseBuffer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.3\",\"matchCriteriaId\":\"FDDF6E7A-AF1C-4370-B0B0-29A35C454FFB\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/issues/887\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/890\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Dec/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-613116.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0004/\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/12\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/10\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/8\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/7\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Dec/6\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T16:15:47.407Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45490\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-30T18:17:03.200505Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\"], \"vendor\": \"libexpat_project\", \"product\": \"libexpat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-30T18:18:26.447Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/pull/890\"}, {\"url\": \"https://github.com/libexpat/libexpat/issues/887\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-08-30T02:10:04.584Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45490\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T16:15:47.407Z\", \"dateReserved\": \"2024-08-30T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-08-30T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2024:3538-1
Vulnerability from csaf_suse - Published: 2024-10-07 12:16 - Updated: 2024-10-07 12:16Summary
Security update for mozjs115
Severity
Moderate
Notes
Title of the patch: Security update for mozjs115
Description of the patch: This update for mozjs115 fixes the following issues:
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)
Patchnames: SUSE-2024-3538,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3538,openSUSE-SLE-15.6-2024-3538
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozjs115",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozjs115 fixes the following issues:\n\n- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)\n- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)\n- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3538,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3538,openSUSE-SLE-15.6-2024-3538",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3538-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3538-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243538-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3538-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019556.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230036",
"url": "https://bugzilla.suse.com/1230036"
},
{
"category": "self",
"summary": "SUSE Bug 1230037",
"url": "https://bugzilla.suse.com/1230037"
},
{
"category": "self",
"summary": "SUSE Bug 1230038",
"url": "https://bugzilla.suse.com/1230038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
}
],
"title": "Security update for mozjs115",
"tracking": {
"current_release_date": "2024-10-07T12:16:34Z",
"generator": {
"date": "2024-10-07T12:16:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3538-1",
"initial_release_date": "2024-10-07T12:16:34Z",
"revision_history": [
{
"date": "2024-10-07T12:16:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"product": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"product_id": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs115-115.4.0-150600.3.3.1.aarch64",
"product": {
"name": "mozjs115-115.4.0-150600.3.3.1.aarch64",
"product_id": "mozjs115-115.4.0-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"product": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"product_id": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.i686",
"product": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.i686",
"product_id": "libmozjs-115-0-115.4.0-150600.3.3.1.i686"
}
},
{
"category": "product_version",
"name": "mozjs115-115.4.0-150600.3.3.1.i686",
"product": {
"name": "mozjs115-115.4.0-150600.3.3.1.i686",
"product_id": "mozjs115-115.4.0-150600.3.3.1.i686"
}
},
{
"category": "product_version",
"name": "mozjs115-devel-115.4.0-150600.3.3.1.i686",
"product": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.i686",
"product_id": "mozjs115-devel-115.4.0-150600.3.3.1.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"product": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"product_id": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs115-115.4.0-150600.3.3.1.ppc64le",
"product": {
"name": "mozjs115-115.4.0-150600.3.3.1.ppc64le",
"product_id": "mozjs115-115.4.0-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"product": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"product_id": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"product": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"product_id": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs115-115.4.0-150600.3.3.1.s390x",
"product": {
"name": "mozjs115-115.4.0-150600.3.3.1.s390x",
"product_id": "mozjs115-115.4.0-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"product": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"product_id": "mozjs115-devel-115.4.0-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"product": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"product_id": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs115-115.4.0-150600.3.3.1.x86_64",
"product": {
"name": "mozjs115-115.4.0-150600.3.3.1.x86_64",
"product_id": "mozjs115-115.4.0-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"product": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"product_id": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64"
},
"product_reference": "libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-115.4.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64"
},
"product_reference": "mozjs115-115.4.0-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-115.4.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le"
},
"product_reference": "mozjs115-115.4.0-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-115.4.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x"
},
"product_reference": "mozjs115-115.4.0-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-115.4.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64"
},
"product_reference": "mozjs115-115.4.0-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
},
"product_reference": "mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-07T12:16:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-07T12:16:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.s390x",
"openSUSE Leap 15.6:mozjs115-devel-115.4.0-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-07T12:16:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
}
]
}
SUSE-SU-2024:3554-1
Vulnerability from csaf_suse - Published: 2024-10-09 06:17 - Updated: 2024-10-09 06:17Summary
Security update for mozjs78
Severity
Moderate
Notes
Title of the patch: Security update for mozjs78
Description of the patch: This update for mozjs78 fixes the following issues:
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)
Patchnames: SUSE-2024-3554,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3554,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3554,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3554,openSUSE-SLE-15.5-2024-3554,openSUSE-SLE-15.6-2024-3554
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
39 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozjs78",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozjs78 fixes the following issues:\n\n- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)\n- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)\n- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3554,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3554,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3554,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3554,openSUSE-SLE-15.5-2024-3554,openSUSE-SLE-15.6-2024-3554",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3554-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3554-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243554-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3554-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019572.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230036",
"url": "https://bugzilla.suse.com/1230036"
},
{
"category": "self",
"summary": "SUSE Bug 1230037",
"url": "https://bugzilla.suse.com/1230037"
},
{
"category": "self",
"summary": "SUSE Bug 1230038",
"url": "https://bugzilla.suse.com/1230038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
}
],
"title": "Security update for mozjs78",
"tracking": {
"current_release_date": "2024-10-09T06:17:10Z",
"generator": {
"date": "2024-10-09T06:17:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3554-1",
"initial_release_date": "2024-10-09T06:17:10Z",
"revision_history": [
{
"date": "2024-10-09T06:17:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"product": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"product_id": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs78-78.15.0-150400.3.6.2.aarch64",
"product": {
"name": "mozjs78-78.15.0-150400.3.6.2.aarch64",
"product_id": "mozjs78-78.15.0-150400.3.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"product": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"product_id": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.i686",
"product": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.i686",
"product_id": "libmozjs-78-0-78.15.0-150400.3.6.2.i686"
}
},
{
"category": "product_version",
"name": "mozjs78-78.15.0-150400.3.6.2.i686",
"product": {
"name": "mozjs78-78.15.0-150400.3.6.2.i686",
"product_id": "mozjs78-78.15.0-150400.3.6.2.i686"
}
},
{
"category": "product_version",
"name": "mozjs78-devel-78.15.0-150400.3.6.2.i686",
"product": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.i686",
"product_id": "mozjs78-devel-78.15.0-150400.3.6.2.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"product": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"product_id": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs78-78.15.0-150400.3.6.2.ppc64le",
"product": {
"name": "mozjs78-78.15.0-150400.3.6.2.ppc64le",
"product_id": "mozjs78-78.15.0-150400.3.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"product": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"product_id": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"product": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"product_id": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
}
},
{
"category": "product_version",
"name": "mozjs78-78.15.0-150400.3.6.2.s390x",
"product": {
"name": "mozjs78-78.15.0-150400.3.6.2.s390x",
"product_id": "mozjs78-78.15.0-150400.3.6.2.s390x"
}
},
{
"category": "product_version",
"name": "mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"product": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"product_id": "mozjs78-devel-78.15.0-150400.3.6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"product": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"product_id": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs78-78.15.0-150400.3.6.2.x86_64",
"product": {
"name": "mozjs78-78.15.0-150400.3.6.2.x86_64",
"product_id": "mozjs78-78.15.0-150400.3.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"product": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"product_id": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "mozjs78-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
},
"product_reference": "mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-09T06:17:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-09T06:17:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.5:mozjs78-devel-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:libmozjs-78-0-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-78.15.0-150400.3.6.2.x86_64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.aarch64",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.ppc64le",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.s390x",
"openSUSE Leap 15.6:mozjs78-devel-78.15.0-150400.3.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-09T06:17:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
}
]
}
SUSE-SU-2025:20045-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:54 - Updated: 2025-02-03 08:54Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)
Patchnames: SUSE-SLE-Micro-6.0-44
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) \n- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)\n- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)\n- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-44",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20045-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20045-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520045-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20045-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021308.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-02-03T08:54:55Z",
"generator": {
"date": "2025-02-03T08:54:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20045-1",
"initial_release_date": "2025-02-03T08:54:55Z",
"revision_history": [
{
"date": "2025-02-03T08:54:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.aarch64",
"product": {
"name": "libexpat1-2.5.0-3.1.aarch64",
"product_id": "libexpat1-2.5.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.s390x",
"product": {
"name": "libexpat1-2.5.0-3.1.s390x",
"product_id": "libexpat1-2.5.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.x86_64",
"product": {
"name": "libexpat1-2.5.0-3.1.x86_64",
"product_id": "libexpat1-2.5.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64"
},
"product_reference": "libexpat1-2.5.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x"
},
"product_reference": "libexpat1-2.5.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
},
"product_reference": "libexpat1-2.5.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
}
]
}
SUSE-SU-2025:20207-1
Vulnerability from csaf_suse - Published: 2025-04-29 11:07 - Updated: 2025-04-29 11:07Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
Version update to 2.7.1:
* Bug fixes:
* Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
* Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
* CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
* Document changes since the previous release
* Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
Version update to 2.6.4:
* Security fixes: [bsc#1232601][bsc#1232579]
* CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
* Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
* Other changes:
- Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
Update to 2.6.2:
* CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (bsc#1221289)
* Reject direct parameter entity recursion and avoid the related
undefined behavior
Update to 2.6.1:
* Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0
* Make tests independent of CPU speed, and thus more robust
Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (bsc#1219559)
Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (bsc#1219561)
Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Patchnames: SUSE-SLE-Micro-6.0-304
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\nVersion update to 2.7.1:\n\n* Bug fixes:\n\n * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);\n affected API functions are:\n\n - XML_GetCurrentByteCount\n - XML_GetCurrentByteIndex\n - XML_GetCurrentColumnNumber\n - XML_GetCurrentLineNumber\n - XML_GetInputContext\n\n * Other changes:\n #976 #977 Autotools: Integrate files \"fuzz/xml_lpm_fuzzer.{cpp,proto}\"\n with Automake that were missing from 2.7.0 release tarballs\n #983 #984 Fix printf format specifiers for 32bit Emscripten\n #992 docs: Promote OpenSSF Best Practices self-certification\n #978 tests/benchmark: Resolve mistaken double close\n #986 Address compiler warnings\n #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)\n to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/\n for what these numbers do\n\n Infrastructure:\n #982 CI: Start running Perl XML::Parser integration tests\n #987 CI: Enforce Clang Static Analyzer clean code\n #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized\n for clang-tidy\n #981 CI: Cover compilation with musl\n #983 #984 CI: Cover compilation with 32bit Emscripten\n #976 #977 CI: Protect against fuzzer files missing from future\n release archives\n\nVersion update to 2.7.0 (CVE-2024-8176 [bsc#1239618])\n\n* Security fixes:\n * CVE-2024-8176 -- Fix crash from chaining a large number\n of entities caused by stack overflow by resolving use of\n recursion, for all three uses of entities:\n - general entities in character data (\"\u003ce\u003e\u0026g1;\u003c/e\u003e\")\n - general entities in attribute values (\"\u003ce k1=\u0027\u0026g1;\u0027/\u003e\")\n - parameter entities (\"%p1;\")\n\n Known impact is (reliable and easy) denial of service:\n\n CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C\n\n (Base Score: 7.5, Temporal Score: 7.2)\n\n Please note that a layer of compression around XML can\n significantly reduce the minimum attack payload size.\n\n * Other changes:\n * Document changes since the previous release\n * Version info bumped from 11:0:10 (libexpat*.so.1.10.0)\n to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/\n for what these numbers do\n\nVersion update to 2.6.4:\n\n * Security fixes: [bsc#1232601][bsc#1232579]\n * CVE-2024-50602 -- Fix crash within function XML_ResumeParser\n from a NULL pointer dereference by disallowing function\n XML_StopParser to (stop or) suspend an unstarted parser.\n A new error code XML_ERROR_NOT_STARTED was introduced to\n properly communicate this situation. // CWE-476 CWE-754\n * Other changes:\n * Version info bumped from 10:3:9 (libexpat*.so.1.9.3)\n to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/\n for what these numbers do\n\nUpdate to 2.6.3:\n\n * Security fixes:\n - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with\n len \u003c 0 without noticing and then calling XML_GetBuffer\n will have XML_ParseBuffer fail to recognize the problem\n and XML_GetBuffer corrupt memory.\n With the fix, XML_ParseBuffer now complains with error\n XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse\n has been doing since Expat 2.2.1, and now documented.\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an\n integer overflow for nDefaultAtts on 32-bit platforms\n (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can\n have an integer overflow for m_groupSize on 32-bit\n platforms (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n\n * Other changes:\n\n - Version info bumped from 10:2:9 (libexpat*.so.1.9.2)\n to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/\n for what these numbers do \n\nUpdate to 2.6.2:\n\n * CVE-2024-28757 -- Prevent billion laughs attacks with isolated\n use of external parsers (bsc#1221289)\n * Reject direct parameter entity recursion and avoid the related\n undefined behavior\n\nUpdate to 2.6.1:\n\n * Expose billion laughs API with XML_DTD defined and XML_GE\n undefined, regression from 2.6.0\n * Make tests independent of CPU speed, and thus more robust\n\nUpdate to 2.6.0: \n\n * Security fixes:\n - CVE-2023-52425 (bsc#1219559) \n Fix quadratic runtime issues with big tokens\n that can cause denial of service, in partial where\n dealing with compressed XML input. Applications\n that parsed a document in one go -- a single call to\n functions XML_Parse or XML_ParseBuffer -- were not affected.\n The smaller the chunks/buffers you use for parsing\n previously, the bigger the problem prior to the fix.\n Backporters should be careful to no omit parts of\n pull request #789 and to include earlier pull request #771,\n in order to not break the fix.\n - CVE-2023-52426 (bsc#1219561)\n Fix billion laughs attacks for users\n compiling *without* XML_DTD defined (which is not common).\n Users with XML_DTD defined have been protected since\n Expat \u003e=2.4.0 (and that was CVE-2013-0340 back then).\n * Bug fixes:\n - Fix parse-size-dependent \"invalid token\" error for\n external entities that start with a byte order mark\n - Fix NULL pointer dereference in setContext via\n XML_ExternalEntityParserCreate for compilation with\n XML_DTD undefined\n - Protect against closing entities out of order\n * Other changes:\n - Improve support for arc4random/arc4random_buf\n - Improve buffer growth in XML_GetBuffer and XML_Parse\n - xmlwf: Support --help and --version\n - xmlwf: Support custom buffer size for XML_GetBuffer and read\n - xmlwf: Improve language and URL clickability in help output\n - examples: Add new example \"element_declarations.c\"\n - Be stricter about macro XML_CONTEXT_BYTES at build time\n - Make inclusion to expat_config.h consistent\n - Autotools: configure.ac: Support --disable-maintainer-mode\n - Autotools: Sync CMake templates with CMake 3.26\n - Autotools: Make installation of shipped man page doc/xmlwf.1\n independent of docbook2man availability\n - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file\n section \"Cflags.private\" in order to fix compilation\n against static libexpat using pkg-config on Windows\n - Autotools|CMake: Require a C99 compiler\n (a de-facto requirement already since Expat 2.2.2 of 2017)\n - Autotools|CMake: Fix PACKAGE_BUGREPORT variable\n - Autotools|CMake: Make test suite require a C++11 compiler\n - CMake: Require CMake \u003e=3.5.0\n - CMake: Lowercase off_t and size_t to help a bug in Meson\n - CMake: Sort xmlwf sources alphabetically\n - CMake|Windows: Fix generation of DLL file version info\n - CMake: Build tests/benchmark/benchmark.c as well for\n a build with -DEXPAT_BUILD_TESTS=ON\n - docs: Document the importance of isFinal + adjust tests\n accordingly\n - docs: Improve use of \"NULL\" and \"null\"\n - docs: Be specific about version of XML (XML 1.0r4)\n and version of C (C99); (XML 1.0r5 will need a sponsor.)\n - docs: reference.html: Promote function XML_ParseBuffer more\n - docs: reference.html: Add HTML anchors to XML_* macros\n - docs: reference.html: Upgrade to OK.css 1.2.0\n - docs: Fix typos\n - docs|CI: Use HTTPS URLs instead of HTTP at various places\n - Address compiler warnings\n - Address clang-tidy warnings\n - Version info bumped from 9:10:8 (libexpat*.so.1.8.10)\n to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/\n for what these numbers do\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-304",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20207-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20207-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520207-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20207-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021128.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219561",
"url": "https://bugzilla.suse.com/1219561"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE Bug 1232579",
"url": "https://bugzilla.suse.com/1232579"
},
{
"category": "self",
"summary": "SUSE Bug 1232601",
"url": "https://bugzilla.suse.com/1232601"
},
{
"category": "self",
"summary": "SUSE Bug 1239618",
"url": "https://bugzilla.suse.com/1239618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0340 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8176/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-04-29T11:07:45Z",
"generator": {
"date": "2025-04-29T11:07:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20207-1",
"initial_release_date": "2025-04-29T11:07:45Z",
"revision_history": [
{
"date": "2025-04-29T11:07:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.aarch64",
"product": {
"name": "libexpat1-2.7.1-1.1.aarch64",
"product_id": "libexpat1-2.7.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.s390x",
"product": {
"name": "libexpat1-2.7.1-1.1.s390x",
"product_id": "libexpat1-2.7.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.x86_64",
"product": {
"name": "libexpat1-2.7.1-1.1.x86_64",
"product_id": "libexpat1-2.7.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64"
},
"product_reference": "libexpat1-2.7.1-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x"
},
"product_reference": "libexpat1-2.7.1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
},
"product_reference": "libexpat1-2.7.1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0340"
}
],
"notes": [
{
"category": "general",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0340",
"url": "https://www.suse.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "SUSE Bug 805236 for CVE-2013-0340",
"url": "https://bugzilla.suse.com/805236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2013-0340"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52426"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52426",
"url": "https://www.suse.com/security/cve/CVE-2023-52426"
},
{
"category": "external",
"summary": "SUSE Bug 1219561 for CVE-2023-52426",
"url": "https://bugzilla.suse.com/1219561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-8176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8176"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8176",
"url": "https://www.suse.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "SUSE Bug 1239618 for CVE-2024-8176",
"url": "https://bugzilla.suse.com/1239618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2024-8176"
}
]
}
SUSE-SU-2025:20311-1
Vulnerability from csaf_suse - Published: 2025-05-13 13:37 - Updated: 2025-05-13 13:37Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
Version update to 2.7.1:
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]):
* Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
Version update to 2.6.4
* Security fixes: [bsc#1232601][bsc#1232579]
#915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
#903 CMake: Add alias target "expat::expat"
#905 docs: Document use via CMake >=3.18 with FetchContent
and SOURCE_SUBDIR and its consequences
#902 tests: Reduce use of global parser instance
#904 tests: Resolve duplicate handler
#317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
#914 Fix signedness of format strings
#919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
Update to 2.6.2:
* CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (bsc#1221289)
* Reject direct parameter entity recursion and avoid the related
undefined behavior
Update to 2.6.1:
* Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0
* Make tests independent of CPU speed, and thus more robust
Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (bsc#1219559)
-- Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (bsc#1219561)
-- Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Patchnames: SUSE-SLE-Micro-6.1-108
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\nVersion update to 2.7.1:\n\n Bug fixes:\n\n #980 #989 Restore event pointer behavior from Expat 2.6.4\n (that the fix to CVE-2024-8176 changed in 2.7.0);\n affected API functions are:\n - XML_GetCurrentByteCount\n - XML_GetCurrentByteIndex\n - XML_GetCurrentColumnNumber\n - XML_GetCurrentLineNumber\n - XML_GetInputContext\n\n Other changes:\n\n #976 #977 Autotools: Integrate files \"fuzz/xml_lpm_fuzzer.{cpp,proto}\"\n with Automake that were missing from 2.7.0 release tarballs\n #983 #984 Fix printf format specifiers for 32bit Emscripten\n #992 docs: Promote OpenSSF Best Practices self-certification\n #978 tests/benchmark: Resolve mistaken double close\n #986 Address compiler warnings\n #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)\n to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/\n for what these numbers do\n\n Infrastructure:\n\n #982 CI: Start running Perl XML::Parser integration tests\n #987 CI: Enforce Clang Static Analyzer clean code\n #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized\n for clang-tidy\n #981 CI: Cover compilation with musl\n #983 #984 CI: Cover compilation with 32bit Emscripten\n #976 #977 CI: Protect against fuzzer files missing from future\n release archives\n\nversion update to 2.7.0 (CVE-2024-8176 [bsc#1239618]):\n\n * Security fixes:\n\n #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number\n of entities caused by stack overflow by resolving use of\n recursion, for all three uses of entities:\n - general entities in character data (\"\u003ce\u003e\u0026g1;\u003c/e\u003e\")\n - general entities in attribute values (\"\u003ce k1=\u0027\u0026g1;\u0027/\u003e\")\n - parameter entities (\"%p1;\")\n Known impact is (reliable and easy) denial of service:\n CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C\n (Base Score: 7.5, Temporal Score: 7.2)\n Please note that a layer of compression around XML can\n significantly reduce the minimum attack payload size.\n\n * Other changes:\n #935 #937 Autotools: Make generated CMake files look for\n libexpat.@SO_MAJOR@.dylib on macOS\n #925 Autotools: Sync CMake templates with CMake 3.29\n #945 #962 #966 CMake: Drop support for CMake \u003c3.13\n #942 CMake: Small fuzzing related improvements\n #921 docs: Add missing documentation of error code\n XML_ERROR_NOT_STARTED that was introduced with 2.6.4\n #941 docs: Document need for C++11 compiler for use from C++\n #959 tests/benchmark: Fix a (harmless) TOCTTOU\n #944 Windows: Fix installer target location of file xmlwf.xml\n for CMake\n #953 Windows: Address warning -Wunknown-warning-option\n about -Wno-pedantic-ms-format from LLVM MinGW\n #971 Address Cppcheck warnings\n #969 #970 Mass-migrate links from http:// to https://\n #947 #958 ..\n #974 #975 Document changes since the previous release\n #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)\n to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/\n for what these numbers do\n\n- no source changes, just adding jira reference: jsc#SLE-21253\n\nVersion update to 2.6.4 \n\n * Security fixes: [bsc#1232601][bsc#1232579]\n #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser\n from a NULL pointer dereference by disallowing function\n XML_StopParser to (stop or) suspend an unstarted parser.\n A new error code XML_ERROR_NOT_STARTED was introduced to\n properly communicate this situation. // CWE-476 CWE-754\n * Other changes:\n #903 CMake: Add alias target \"expat::expat\"\n #905 docs: Document use via CMake \u003e=3.18 with FetchContent\n and SOURCE_SUBDIR and its consequences\n #902 tests: Reduce use of global parser instance\n #904 tests: Resolve duplicate handler\n #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)\n #914 Fix signedness of format strings\n #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)\n to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/\n for what these numbers do\n\nUpdate to 2.6.3: \n\n * Security fixes:\n\n - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with\n len \u003c 0 without noticing and then calling XML_GetBuffer\n will have XML_ParseBuffer fail to recognize the problem\n and XML_GetBuffer corrupt memory.\n With the fix, XML_ParseBuffer now complains with error\n XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse\n has been doing since Expat 2.2.1, and now documented.\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an\n integer overflow for nDefaultAtts on 32-bit platforms\n (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can\n have an integer overflow for m_groupSize on 32-bit\n platforms (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n\nUpdate to 2.6.2:\n\n * CVE-2024-28757 -- Prevent billion laughs attacks with isolated\n use of external parsers (bsc#1221289)\n * Reject direct parameter entity recursion and avoid the related\n undefined behavior\n\nUpdate to 2.6.1:\n\n * Expose billion laughs API with XML_DTD defined and XML_GE\n undefined, regression from 2.6.0\n * Make tests independent of CPU speed, and thus more robust\n\nUpdate to 2.6.0: \n\n * Security fixes:\n - CVE-2023-52425 (bsc#1219559) \n -- Fix quadratic runtime issues with big tokens\n that can cause denial of service, in partial where\n dealing with compressed XML input. Applications\n that parsed a document in one go -- a single call to\n functions XML_Parse or XML_ParseBuffer -- were not affected.\n The smaller the chunks/buffers you use for parsing\n previously, the bigger the problem prior to the fix.\n Backporters should be careful to no omit parts of\n pull request #789 and to include earlier pull request #771,\n in order to not break the fix.\n - CVE-2023-52426 (bsc#1219561)\n -- Fix billion laughs attacks for users\n compiling *without* XML_DTD defined (which is not common).\n Users with XML_DTD defined have been protected since\n Expat \u003e=2.4.0 (and that was CVE-2013-0340 back then).\n * Bug fixes:\n - Fix parse-size-dependent \"invalid token\" error for\n external entities that start with a byte order mark\n - Fix NULL pointer dereference in setContext via\n XML_ExternalEntityParserCreate for compilation with\n XML_DTD undefined\n - Protect against closing entities out of order\n * Other changes:\n - Improve support for arc4random/arc4random_buf\n - Improve buffer growth in XML_GetBuffer and XML_Parse\n - xmlwf: Support --help and --version\n - xmlwf: Support custom buffer size for XML_GetBuffer and read\n - xmlwf: Improve language and URL clickability in help output\n - examples: Add new example \"element_declarations.c\"\n - Be stricter about macro XML_CONTEXT_BYTES at build time\n - Make inclusion to expat_config.h consistent\n - Autotools: configure.ac: Support --disable-maintainer-mode\n - Autotools: Sync CMake templates with CMake 3.26\n - Autotools: Make installation of shipped man page doc/xmlwf.1\n independent of docbook2man availability\n - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file\n section \"Cflags.private\" in order to fix compilation\n against static libexpat using pkg-config on Windows\n - Autotools|CMake: Require a C99 compiler\n (a de-facto requirement already since Expat 2.2.2 of 2017)\n - Autotools|CMake: Fix PACKAGE_BUGREPORT variable\n - Autotools|CMake: Make test suite require a C++11 compiler\n - CMake: Require CMake \u003e=3.5.0\n - CMake: Lowercase off_t and size_t to help a bug in Meson\n - CMake: Sort xmlwf sources alphabetically\n - CMake|Windows: Fix generation of DLL file version info\n - CMake: Build tests/benchmark/benchmark.c as well for\n a build with -DEXPAT_BUILD_TESTS=ON\n - docs: Document the importance of isFinal + adjust tests\n accordingly\n - docs: Improve use of \"NULL\" and \"null\"\n - docs: Be specific about version of XML (XML 1.0r4)\n and version of C (C99); (XML 1.0r5 will need a sponsor.)\n - docs: reference.html: Promote function XML_ParseBuffer more\n - docs: reference.html: Add HTML anchors to XML_* macros\n - docs: reference.html: Upgrade to OK.css 1.2.0\n - docs: Fix typos\n - docs|CI: Use HTTPS URLs instead of HTTP at various places\n - Address compiler warnings\n - Address clang-tidy warnings\n - Version info bumped from 9:10:8 (libexpat*.so.1.8.10)\n to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/\n for what these numbers do\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-108",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20311-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20311-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520311-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20311-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021027.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219561",
"url": "https://bugzilla.suse.com/1219561"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE Bug 1232579",
"url": "https://bugzilla.suse.com/1232579"
},
{
"category": "self",
"summary": "SUSE Bug 1232601",
"url": "https://bugzilla.suse.com/1232601"
},
{
"category": "self",
"summary": "SUSE Bug 1239618",
"url": "https://bugzilla.suse.com/1239618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0340 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8176/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-05-13T13:37:27Z",
"generator": {
"date": "2025-05-13T13:37:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20311-1",
"initial_release_date": "2025-05-13T13:37:27Z",
"revision_history": [
{
"date": "2025-05-13T13:37:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0340"
}
],
"notes": [
{
"category": "general",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0340",
"url": "https://www.suse.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "SUSE Bug 805236 for CVE-2013-0340",
"url": "https://bugzilla.suse.com/805236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2013-0340"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52426"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52426",
"url": "https://www.suse.com/security/cve/CVE-2023-52426"
},
{
"category": "external",
"summary": "SUSE Bug 1219561 for CVE-2023-52426",
"url": "https://bugzilla.suse.com/1219561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-8176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8176"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8176",
"url": "https://www.suse.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "SUSE Bug 1239618 for CVE-2024-8176",
"url": "https://bugzilla.suse.com/1239618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2024-8176"
}
]
}
SUSE-SU-2025:4512-1
Vulnerability from csaf_suse - Published: 2025-12-23 12:23 - Updated: 2025-12-23 12:23Summary
Security update for mozjs52
Severity
Moderate
Notes
Title of the patch: Security update for mozjs52
Description of the patch: This update for mozjs52 fixes the following issues:
- CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer (bsc#1230036)
Patchnames: SUSE-2025-4512,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4512,openSUSE-SLE-15.6-2025-4512
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozjs52",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozjs52 fixes the following issues:\n\n- CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037)\n- CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599)\n- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038)\n- CVE-2024-45490: Fixed negative len for XML_ParseBuffer (bsc#1230036)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4512,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4512,openSUSE-SLE-15.6-2025-4512",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4512-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4512-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254512-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4512-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023644.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230036",
"url": "https://bugzilla.suse.com/1230036"
},
{
"category": "self",
"summary": "SUSE Bug 1230037",
"url": "https://bugzilla.suse.com/1230037"
},
{
"category": "self",
"summary": "SUSE Bug 1230038",
"url": "https://bugzilla.suse.com/1230038"
},
{
"category": "self",
"summary": "SUSE Bug 1232599",
"url": "https://bugzilla.suse.com/1232599"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
}
],
"title": "Security update for mozjs52",
"tracking": {
"current_release_date": "2025-12-23T12:23:19Z",
"generator": {
"date": "2025-12-23T12:23:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4512-1",
"initial_release_date": "2025-12-23T12:23:19Z",
"revision_history": [
{
"date": "2025-12-23T12:23:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"product": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"product_id": "libmozjs-52-52.6.0-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs52-52.6.0-150000.3.9.1.aarch64",
"product": {
"name": "mozjs52-52.6.0-150000.3.9.1.aarch64",
"product_id": "mozjs52-52.6.0-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"product": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"product_id": "mozjs52-devel-52.6.0-150000.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-52-52.6.0-150000.3.9.1.i586",
"product": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.i586",
"product_id": "libmozjs-52-52.6.0-150000.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "mozjs52-52.6.0-150000.3.9.1.i586",
"product": {
"name": "mozjs52-52.6.0-150000.3.9.1.i586",
"product_id": "mozjs52-52.6.0-150000.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "mozjs52-devel-52.6.0-150000.3.9.1.i586",
"product": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.i586",
"product_id": "mozjs52-devel-52.6.0-150000.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"product": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"product_id": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs52-52.6.0-150000.3.9.1.ppc64le",
"product": {
"name": "mozjs52-52.6.0-150000.3.9.1.ppc64le",
"product_id": "mozjs52-52.6.0-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"product": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"product_id": "mozjs52-devel-52.6.0-150000.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-52-52.6.0-150000.3.9.1.s390x",
"product": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.s390x",
"product_id": "libmozjs-52-52.6.0-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs52-52.6.0-150000.3.9.1.s390x",
"product": {
"name": "mozjs52-52.6.0-150000.3.9.1.s390x",
"product_id": "mozjs52-52.6.0-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"product": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"product_id": "mozjs52-devel-52.6.0-150000.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"product": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"product_id": "libmozjs-52-52.6.0-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs52-52.6.0-150000.3.9.1.x86_64",
"product": {
"name": "mozjs52-52.6.0-150000.3.9.1.x86_64",
"product_id": "mozjs52-52.6.0-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs52-devel-52.6.0-150000.3.9.1.x86_64",
"product": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.x86_64",
"product_id": "mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-52-52.6.0-150000.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64"
},
"product_reference": "libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-52.6.0-150000.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64"
},
"product_reference": "mozjs52-52.6.0-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-52.6.0-150000.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le"
},
"product_reference": "mozjs52-52.6.0-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-52.6.0-150000.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x"
},
"product_reference": "mozjs52-52.6.0-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-52.6.0-150000.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64"
},
"product_reference": "mozjs52-52.6.0-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64"
},
"product_reference": "mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le"
},
"product_reference": "mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x"
},
"product_reference": "mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs52-devel-52.6.0-150000.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
},
"product_reference": "mozjs52-devel-52.6.0-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-23T12:23:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-23T12:23:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-23T12:23:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1.x86_64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.aarch64",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.ppc64le",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.s390x",
"openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-23T12:23:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
}
]
}
SUSE-SU-2026:0044-1
Vulnerability from csaf_suse - Published: 2026-01-06 16:10 - Updated: 2026-01-06 16:10Summary
Security update for mozjs60
Severity
Moderate
Notes
Title of the patch: Security update for mozjs60
Description of the patch: This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
Patchnames: SUSE-2026-44,SUSE-SLE-Micro-5.3-2026-44,SUSE-SLE-Micro-5.4-2026-44,SUSE-SLE-Module-Basesystem-15-SP7-2026-44,SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-44,SUSE-SUSE-MicroOS-5.2-2026-44,openSUSE-SLE-15.6-2026-44
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozjs60",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozjs60 fixes the following issues:\n\n- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)\n- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)\n- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)\n- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-44,SUSE-SLE-Micro-5.3-2026-44,SUSE-SLE-Micro-5.4-2026-44,SUSE-SLE-Module-Basesystem-15-SP7-2026-44,SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-44,SUSE-SUSE-MicroOS-5.2-2026-44,openSUSE-SLE-15.6-2026-44",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0044-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0044-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260044-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0044-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023693.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230036",
"url": "https://bugzilla.suse.com/1230036"
},
{
"category": "self",
"summary": "SUSE Bug 1230037",
"url": "https://bugzilla.suse.com/1230037"
},
{
"category": "self",
"summary": "SUSE Bug 1230038",
"url": "https://bugzilla.suse.com/1230038"
},
{
"category": "self",
"summary": "SUSE Bug 1232602",
"url": "https://bugzilla.suse.com/1232602"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
}
],
"title": "Security update for mozjs60",
"tracking": {
"current_release_date": "2026-01-06T16:10:16Z",
"generator": {
"date": "2026-01-06T16:10:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0044-1",
"initial_release_date": "2026-01-06T16:10:16Z",
"revision_history": [
{
"date": "2026-01-06T16:10:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"product": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"product_id": "libmozjs-60-60.9.0-150200.6.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs60-60.9.0-150200.6.8.1.aarch64",
"product": {
"name": "mozjs60-60.9.0-150200.6.8.1.aarch64",
"product_id": "mozjs60-60.9.0-150200.6.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"product": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"product_id": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-60-60.9.0-150200.6.8.1.i686",
"product": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.i686",
"product_id": "libmozjs-60-60.9.0-150200.6.8.1.i686"
}
},
{
"category": "product_version",
"name": "mozjs60-60.9.0-150200.6.8.1.i686",
"product": {
"name": "mozjs60-60.9.0-150200.6.8.1.i686",
"product_id": "mozjs60-60.9.0-150200.6.8.1.i686"
}
},
{
"category": "product_version",
"name": "mozjs60-devel-60.9.0-150200.6.8.1.i686",
"product": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.i686",
"product_id": "mozjs60-devel-60.9.0-150200.6.8.1.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"product": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"product_id": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs60-60.9.0-150200.6.8.1.ppc64le",
"product": {
"name": "mozjs60-60.9.0-150200.6.8.1.ppc64le",
"product_id": "mozjs60-60.9.0-150200.6.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"product": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"product_id": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"product": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"product_id": "libmozjs-60-60.9.0-150200.6.8.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs60-60.9.0-150200.6.8.1.s390x",
"product": {
"name": "mozjs60-60.9.0-150200.6.8.1.s390x",
"product_id": "mozjs60-60.9.0-150200.6.8.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"product": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"product_id": "mozjs60-devel-60.9.0-150200.6.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"product": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"product_id": "libmozjs-60-60.9.0-150200.6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs60-60.9.0-150200.6.8.1.x86_64",
"product": {
"name": "mozjs60-60.9.0-150200.6.8.1.x86_64",
"product_id": "mozjs60-60.9.0-150200.6.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"product": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"product_id": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-60-60.9.0-150200.6.8.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-60.9.0-150200.6.8.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "mozjs60-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-60.9.0-150200.6.8.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le"
},
"product_reference": "mozjs60-60.9.0-150200.6.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-60.9.0-150200.6.8.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "mozjs60-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-60.9.0-150200.6.8.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "mozjs60-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
},
"product_reference": "mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-06T16:10:16Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-06T16:10:16Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-06T16:10:16Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:mozjs60-devel-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:libmozjs-60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-60.9.0-150200.6.8.1.x86_64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.aarch64",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.ppc64le",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.s390x",
"openSUSE Leap 15.6:mozjs60-devel-60.9.0-150200.6.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-06T16:10:16Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
}
]
}
WID-SEC-W-2024-1951
Vulnerability from csaf_certbund - Published: 2024-08-29 22:00 - Updated: 2026-01-06 23:00Summary
expat: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in expat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
OpenBSD OpenBSD 7.4
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.4
|
7.4 | |
|
Red Hat OpenShift Logging Subsystem 5.9.7
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:logging_subsystem_5.9.7
|
Logging Subsystem 5.9.7 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Tivoli Network Manager
IBM
|
cpe:/a:ibm:tivoli_network_manager:ip_edition
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Tenable Security Nessus <10.8.3
Tenable Security / Nessus
|
<10.8.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source expat <2.6.3
Open Source / expat
|
<2.6.3 | ||
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
Dell PowerScale OneFS OneFS <9.5.1.2
Dell / PowerScale OneFS
|
OneFS <9.5.1.2 | ||
|
Dell integrated Dell Remote Access Controller <7.00.00.181
Dell / integrated Dell Remote Access Controller
|
<7.00.00.181 | ||
|
Red Hat JBoss Core Services <2.4.62
Red Hat / JBoss Core Services
|
<2.4.62 | ||
|
Dell integrated Dell Remote Access Controller <7.20.30.50
Dell / integrated Dell Remote Access Controller
|
<7.20.30.50 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Siemens SIMATIC S7 1500 CPU
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:1500_cpu
|
1500 CPU | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell PowerScale OneFS OneFS
Dell / PowerScale OneFS
|
cpe:/a:dell:powerscale_onefs:onefs
|
OneFS | |
|
Tenable Security Nessus Network Monitor <6.5.0
Tenable Security / Nessus Network Monitor
|
<6.5.0 | ||
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Tenable Security Nessus Agent <10.7.2
Tenable Security / Nessus
|
Agent <10.7.2 | ||
|
Tenable Security Nessus <10.7.6
Tenable Security / Nessus
|
<10.7.6 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.5
Red Hat / OpenShift
|
Container Platform <4.17.5 | ||
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Energy RTU500
Hitachi Energy
|
cpe:/h:abb:rtu500:-
|
— |
Affected products
Known affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
OpenBSD OpenBSD 7.4
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.4
|
7.4 | |
|
Red Hat OpenShift Logging Subsystem 5.9.7
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:logging_subsystem_5.9.7
|
Logging Subsystem 5.9.7 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Tivoli Network Manager
IBM
|
cpe:/a:ibm:tivoli_network_manager:ip_edition
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Tenable Security Nessus <10.8.3
Tenable Security / Nessus
|
<10.8.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source expat <2.6.3
Open Source / expat
|
<2.6.3 | ||
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
Dell PowerScale OneFS OneFS <9.5.1.2
Dell / PowerScale OneFS
|
OneFS <9.5.1.2 | ||
|
Dell integrated Dell Remote Access Controller <7.00.00.181
Dell / integrated Dell Remote Access Controller
|
<7.00.00.181 | ||
|
Red Hat JBoss Core Services <2.4.62
Red Hat / JBoss Core Services
|
<2.4.62 | ||
|
Dell integrated Dell Remote Access Controller <7.20.30.50
Dell / integrated Dell Remote Access Controller
|
<7.20.30.50 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Siemens SIMATIC S7 1500 CPU
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:1500_cpu
|
1500 CPU | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell PowerScale OneFS OneFS
Dell / PowerScale OneFS
|
cpe:/a:dell:powerscale_onefs:onefs
|
OneFS | |
|
Tenable Security Nessus Network Monitor <6.5.0
Tenable Security / Nessus Network Monitor
|
<6.5.0 | ||
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Tenable Security Nessus Agent <10.7.2
Tenable Security / Nessus
|
Agent <10.7.2 | ||
|
Tenable Security Nessus <10.7.6
Tenable Security / Nessus
|
<10.7.6 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.5
Red Hat / OpenShift
|
Container Platform <4.17.5 | ||
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Energy RTU500
Hitachi Energy
|
cpe:/h:abb:rtu500:-
|
— |
Affected products
Known affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
OpenBSD OpenBSD 7.4
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.4
|
7.4 | |
|
Red Hat OpenShift Logging Subsystem 5.9.7
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:logging_subsystem_5.9.7
|
Logging Subsystem 5.9.7 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Tivoli Network Manager
IBM
|
cpe:/a:ibm:tivoli_network_manager:ip_edition
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Tenable Security Nessus <10.8.3
Tenable Security / Nessus
|
<10.8.3 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Open Source expat <2.6.3
Open Source / expat
|
<2.6.3 | ||
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
Dell PowerScale OneFS OneFS <9.5.1.2
Dell / PowerScale OneFS
|
OneFS <9.5.1.2 | ||
|
Dell integrated Dell Remote Access Controller <7.00.00.181
Dell / integrated Dell Remote Access Controller
|
<7.00.00.181 | ||
|
Red Hat JBoss Core Services <2.4.62
Red Hat / JBoss Core Services
|
<2.4.62 | ||
|
Dell integrated Dell Remote Access Controller <7.20.30.50
Dell / integrated Dell Remote Access Controller
|
<7.20.30.50 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Siemens SIMATIC S7 1500 CPU
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:1500_cpu
|
1500 CPU | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell PowerScale OneFS OneFS
Dell / PowerScale OneFS
|
cpe:/a:dell:powerscale_onefs:onefs
|
OneFS | |
|
Tenable Security Nessus Network Monitor <6.5.0
Tenable Security / Nessus Network Monitor
|
<6.5.0 | ||
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Tenable Security Nessus Agent <10.7.2
Tenable Security / Nessus
|
Agent <10.7.2 | ||
|
Tenable Security Nessus <10.7.6
Tenable Security / Nessus
|
<10.7.6 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.5
Red Hat / OpenShift
|
Container Platform <4.17.5 | ||
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Broadcom Brocade SANnav
Broadcom
|
cpe:/a:broadcom:brocade_sannav:-
|
— | |
|
IBM DB2 10.5
IBM / DB2
|
cpe:/a:ibm:db2:10.5
|
10.5 | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Hitachi Energy RTU500
Hitachi Energy
|
cpe:/h:abb:rtu500:-
|
— |
References
87 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in expat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1951 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1951.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1951 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1951"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4hvh-m426-wv8w vom 2024-08-29",
"url": "https://github.com/advisories/GHSA-4hvh-m426-wv8w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-784x-7qm2-gp97 vom 2024-08-29",
"url": "https://github.com/advisories/GHSA-784x-7qm2-gp97"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5qxm-qvmj-8v79 vom 2024-08-29",
"url": "https://github.com/advisories/GHSA-5qxm-qvmj-8v79"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F27C29C09C vom 2024-09-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f27c29c09c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-E86A48CD72 vom 2024-09-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-e86a48cd72"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C7B547BEC5 vom 2024-09-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c7b547bec5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C5D55D5845 vom 2024-09-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c5d55d5845"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-527052AB76 vom 2024-09-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-527052ab76"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3182-1 vom 2024-09-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019396.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-2B163F9201 vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2b163f9201"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F750328C3B vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f750328c3b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-39D459DD00 vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-39d459dd00"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7DB9258D37 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7db9258d37"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1E6D6F8452 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1e6d6f8452"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-6DEDBC5CF9 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-6dedbc5cf9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7A069F48E4 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7a069f48e4"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2024-16 vom 2024-09-11",
"url": "https://de.tenable.com/security/tns-2024-16"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F652468298 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f652468298"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2024-15 vom 2024-09-11",
"url": "https://de.tenable.com/security/tns-2024-15"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-308628EBB8 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-308628ebb8"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2024-14 vom 2024-09-11",
"url": "https://de.tenable.com/security/tns-2024-14"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7000-1 vom 2024-09-12",
"url": "https://ubuntu.com/security/notices/USN-7000-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7001-1 vom 2024-09-12",
"url": "https://ubuntu.com/security/notices/USN-7001-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3216-1 vom 2024-09-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GRFZVMTSYLAIIM3O4QORWKBZLMEVFR5R/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7001-2 vom 2024-09-17",
"url": "https://ubuntu.com/security/notices/USN-7001-2"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5770 vom 2024-09-18",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00183.html"
},
{
"category": "external",
"summary": "OpenBSD 7.4 Errata vom 2024-09-17",
"url": "http://www.openbsd.org/errata74.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7000-2 vom 2024-09-17",
"url": "https://ubuntu.com/security/notices/USN-7000-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6754 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6754"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3893 vom 2024-09-19",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6754 vom 2024-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-6754.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6989 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:6989"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2024-17 vom 2024-09-24",
"url": "https://de.tenable.com/security/tns-2024-17"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-6989 vom 2024-09-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-6989.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:6754 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:6754"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7443 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7443"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7324 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7324"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3515-1 vom 2024-10-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019545.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7726 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7726"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7725 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7725"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7724 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7724"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7323 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7323"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3538-1 vom 2024-10-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/67DVWJC3OZSFQYKJ3MMCJSQM4LKUJXH5/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7744 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7744"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7599 vom 2024-10-09",
"url": "https://access.redhat.com/errata/RHSA-2024:7599"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3554-1 vom 2024-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NII5WWMANSN5NYNMNOK7LJ2P5FT7TW5X/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8113 vom 2024-10-15",
"url": "https://access.redhat.com/errata/RHSA-2024:8113"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8315 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8314 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8314"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8317 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8317"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8318"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8859 vom 2024-11-05",
"url": "https://access.redhat.com/errata/RHSA-2024:8859"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-8859 vom 2024-11-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-8859.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7174912 vom 2024-11-06",
"url": "https://www.ibm.com/support/pages/node/7174912"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9583 vom 2024-11-13",
"url": "https://access.redhat.com/errata/RHSA-2024:9583"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9610 vom 2024-11-19",
"url": "https://access.redhat.com/errata/RHSA-2024:9610"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9541 vom 2024-11-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-9541.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10135 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:10135"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2710 vom 2024-12-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2710.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-1953 vom 2025-01-10",
"url": "https://alas.aws.amazon.com/ALAS-2025-1953.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181897 vom 2025-01-29",
"url": "https://www.ibm.com/support/pages/node/7181897"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2025-2889 vom 2025-02-13",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25416"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-082 vom 2025-02-27",
"url": "https://www.dell.com/support/kbdoc/de-de/000289682/dsa-2025-082-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3453 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3453"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-146 vom 2025-04-08",
"url": "https://www.dell.com/support/kbdoc/en-us/000299628/dsa-2025-146-security-update-for-dell-idrac9-vulnerabilities"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release?language=en_US"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20311-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021027.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20207-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021128.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20045-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021308.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-082556 vom 2025-06-10",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20241018-0004 vom 2025-06-27",
"url": "https://security.netapp.com/advisory/NTAP-20241018-0004"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7240946 vom 2025-07-29",
"url": "https://www.ibm.com/support/pages/node/7240946"
},
{
"category": "external",
"summary": "Security Update for Dell PowerProtect Data Domain",
"url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-339 vom 2025-09-01",
"url": "https://www.dell.com/support/kbdoc/de-de/000362542/dsa-2025-339-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Hitachi Cybersecurity Advisory vom 2025-09-09",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
},
{
"category": "external",
"summary": "Dell Security Update vom 2025-10-02",
"url": "https://www.dell.com/support/kbdoc/000376224"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-166 vom 2025-10-14",
"url": "https://www.dell.com/support/kbdoc/de-de/000363693/dsa-2025-166-security-update-for-dell-powerscale-onefs-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-10-24",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123933"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21974 vom 2025-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-21974.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4512-1 vom 2025-12-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4CBPEKUMNLOAYYETXAND72O7OIGML3Z/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0044-1 vom 2026-01-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DYBBINHYLAINR25RRTDR6X7YXACH3VOF/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0044-1 vom 2026-01-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023693.html"
}
],
"source_lang": "en-US",
"title": "expat: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-06T23:00:00.000+00:00",
"generator": {
"date": "2026-01-07T09:25:24.378+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-1951",
"initial_release_date": "2024-08-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-08-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora und Tenable aufgenommen"
},
{
"date": "2024-09-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-09-17T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu und Debian aufgenommen"
},
{
"date": "2024-09-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, Debian und Oracle Linux aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Tenable und Oracle Linux aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2024-10-06T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2024-10-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-05T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux und IBM aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-19T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-01-09T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-01-28T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-04-10T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Siemens aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-07-29T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-08-04T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-23T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "48"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade SANnav",
"product": {
"name": "Broadcom Brocade SANnav",
"product_id": "T034392",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain",
"product": {
"name": "Dell PowerProtect Data Domain",
"product_id": "T045852",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.4.0.0",
"product_id": "T045879"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.4.0.0",
"product_id": "T045879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.70",
"product_id": "T045881"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.70",
"product_id": "T045881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.40",
"product_id": "T047343"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.40",
"product_id": "T047343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.1.10",
"product_id": "T047344"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.1.10",
"product_id": "T047344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.1.10"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
},
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain Management Center",
"product": {
"name": "Dell PowerProtect Data Domain Management Center",
"product_id": "T045853",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
}
}
},
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain OS",
"product": {
"name": "Dell PowerProtect Data Domain OS",
"product_id": "T045854",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "OneFS",
"product": {
"name": "Dell PowerScale OneFS OneFS",
"product_id": "T034610",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerscale_onefs:onefs"
}
}
},
{
"category": "product_version_range",
"name": "OneFS \u003c9.5.1.2",
"product": {
"name": "Dell PowerScale OneFS OneFS \u003c9.5.1.2",
"product_id": "T040051"
}
},
{
"category": "product_version",
"name": "OneFS 9.5.1.2",
"product": {
"name": "Dell PowerScale OneFS OneFS 9.5.1.2",
"product_id": "T040051-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerscale_onefs:onefs__9.5.1.2"
}
}
}
],
"category": "product_name",
"name": "PowerScale OneFS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.00.00.181",
"product": {
"name": "Dell integrated Dell Remote Access Controller \u003c7.00.00.181",
"product_id": "T042656"
}
},
{
"category": "product_version",
"name": "7.00.00.181",
"product": {
"name": "Dell integrated Dell Remote Access Controller 7.00.00.181",
"product_id": "T042656-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:7.00.00.181"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.20.30.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller \u003c7.20.30.50",
"product_id": "T042657"
}
},
{
"category": "product_version",
"name": "7.20.30.50",
"product": {
"name": "Dell integrated Dell Remote Access Controller 7.20.30.50",
"product_id": "T042657-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:7.20.30.50"
}
}
}
],
"category": "product_name",
"name": "integrated Dell Remote Access Controller"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Energy RTU500",
"product": {
"name": "Hitachi Energy RTU500",
"product_id": "T027844",
"product_identification_helper": {
"cpe": "cpe:/h:abb:rtu500:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi Energy"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version",
"name": "11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "342000",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_version",
"name": "10.5",
"product": {
"name": "IBM DB2 10.5",
"product_id": "T045714",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:10.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager",
"product": {
"name": "IBM Tivoli Network Manager",
"product_id": "T012578",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for VMware vSphere",
"product": {
"name": "NetApp ActiveIQ Unified Manager for VMware vSphere",
"product_id": "T025152",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "NetApp Data ONTAP 9",
"product_id": "T039981",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:9"
}
}
}
],
"category": "product_name",
"name": "Data ONTAP"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.6.3",
"product": {
"name": "Open Source expat \u003c2.6.3",
"product_id": "T037194"
}
},
{
"category": "product_version",
"name": "2.6.3",
"product": {
"name": "Open Source expat 2.6.3",
"product_id": "T037194-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:expat:expat:2.6.3"
}
}
}
],
"category": "product_name",
"name": "expat"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "OpenBSD OpenBSD 7.4",
"product_id": "T033213",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.4"
}
}
}
],
"category": "product_name",
"name": "OpenBSD"
}
],
"category": "vendor",
"name": "OpenBSD"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.62",
"product": {
"name": "Red Hat JBoss Core Services \u003c2.4.62",
"product_id": "T042316"
}
},
{
"category": "product_version",
"name": "2.4.62",
"product": {
"name": "Red Hat JBoss Core Services 2.4.62",
"product_id": "T042316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:2.4.62"
}
}
}
],
"category": "product_name",
"name": "JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "Logging Subsystem 5.9.7",
"product": {
"name": "Red Hat OpenShift Logging Subsystem 5.9.7",
"product_id": "T037939",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:logging_subsystem_5.9.7"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.5",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.5",
"product_id": "T039244"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.5",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.5",
"product_id": "T039244-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.5"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1500 CPU",
"product": {
"name": "Siemens SIMATIC S7 1500 CPU",
"product_id": "T025776",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:1500_cpu"
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Agent \u003c10.7.2",
"product": {
"name": "Tenable Security Nessus Agent \u003c10.7.2",
"product_id": "T037548"
}
},
{
"category": "product_version",
"name": "Agent 10.7.2",
"product": {
"name": "Tenable Security Nessus Agent 10.7.2",
"product_id": "T037548-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:agent__10.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.7.6",
"product": {
"name": "Tenable Security Nessus \u003c10.7.6",
"product_id": "T037549"
}
},
{
"category": "product_version",
"name": "10.7.6",
"product": {
"name": "Tenable Security Nessus 10.7.6",
"product_id": "T037549-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.7.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.8.3",
"product": {
"name": "Tenable Security Nessus \u003c10.8.3",
"product_id": "T037550"
}
},
{
"category": "product_version",
"name": "10.8.3",
"product": {
"name": "Tenable Security Nessus 10.8.3",
"product_id": "T037550-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.8.3"
}
}
}
],
"category": "product_name",
"name": "Nessus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5.0",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.5.0",
"product_id": "T037807"
}
},
{
"category": "product_version",
"name": "6.5.0",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.5.0",
"product_id": "T037807-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.5.0"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45490",
"product_status": {
"known_affected": [
"T025152",
"T033213",
"T037939",
"67646",
"T012578",
"T019294",
"T002977",
"T004914",
"T037550",
"T038741",
"1139691",
"T037194",
"T040074",
"T040051",
"T042656",
"T042316",
"T042657",
"T047343",
"398363",
"T025776",
"T045881",
"T047344",
"T034610",
"T037807",
"342000",
"T037548",
"T037549",
"T032255",
"T039244",
"T039981",
"74185",
"T039664",
"T045853",
"T045852",
"T045854",
"2951",
"T002207",
"T034392",
"T045714",
"T045879",
"T000126",
"T027844"
]
},
"release_date": "2024-08-29T22:00:00.000+00:00",
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"product_status": {
"known_affected": [
"T025152",
"T033213",
"T037939",
"67646",
"T012578",
"T019294",
"T002977",
"T004914",
"T037550",
"T038741",
"1139691",
"T037194",
"T040074",
"T040051",
"T042656",
"T042316",
"T042657",
"T047343",
"398363",
"T025776",
"T045881",
"T047344",
"T034610",
"T037807",
"342000",
"T037548",
"T037549",
"T032255",
"T039244",
"T039981",
"74185",
"T039664",
"T045853",
"T045852",
"T045854",
"2951",
"T002207",
"T034392",
"T045714",
"T045879",
"T000126",
"T027844"
]
},
"release_date": "2024-08-29T22:00:00.000+00:00",
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"product_status": {
"known_affected": [
"T025152",
"T033213",
"T037939",
"67646",
"T012578",
"T019294",
"T002977",
"T004914",
"T037550",
"T038741",
"1139691",
"T037194",
"T040074",
"T040051",
"T042656",
"T042316",
"T042657",
"T047343",
"398363",
"T025776",
"T045881",
"T047344",
"T034610",
"T037807",
"342000",
"T037548",
"T037549",
"T032255",
"T039244",
"T039981",
"74185",
"T039664",
"T045853",
"T045852",
"T045854",
"2951",
"T002207",
"T034392",
"T045714",
"T045879",
"T000126",
"T027844"
]
},
"release_date": "2024-08-29T22:00:00.000+00:00",
"title": "CVE-2024-45492"
}
]
}
WID-SEC-W-2024-3691
Vulnerability from csaf_certbund - Published: 2024-12-11 23:00 - Updated: 2025-05-12 22:00Summary
Apple iOS und iPadOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme: - iPhoneOS
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple iPadOS <17.7.3
Apple / iPadOS
|
<17.7.3 | ||
|
Apple iPadOS <18.2
Apple / iPadOS
|
<18.2 | ||
|
Apple iOS <18.2
Apple / iOS
|
<18.2 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- iPhoneOS",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3691 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3691.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3691 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3691"
},
{
"category": "external",
"summary": "Apple Security Announce vom 2024-12-11",
"url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00000.html"
},
{
"category": "external",
"summary": "Apple Security Announce vom 2024-12-11",
"url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00001.html"
}
],
"source_lang": "en-US",
"title": "Apple iOS und iPadOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-12T22:00:00.000+00:00",
"generator": {
"date": "2025-05-13T06:01:00.900+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-3691",
"initial_release_date": "2024-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-2024-44276, CVE-2024-54512 erg\u00e4nzt"
},
{
"date": "2025-05-12T22:00:00.000+00:00",
"number": "3",
"summary": "CVE erg\u00e4nzt"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.2",
"product": {
"name": "Apple iOS \u003c18.2",
"product_id": "T039801"
}
},
{
"category": "product_version",
"name": "18.2",
"product": {
"name": "Apple iOS 18.2",
"product_id": "T039801-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:18.2"
}
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.2",
"product": {
"name": "Apple iPadOS \u003c18.2",
"product_id": "T039802"
}
},
{
"category": "product_version",
"name": "18.2",
"product": {
"name": "Apple iPadOS 18.2",
"product_id": "T039802-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:18.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c17.7.3",
"product": {
"name": "Apple iPadOS \u003c17.7.3",
"product_id": "T039803"
}
},
{
"category": "product_version",
"name": "17.7.3",
"product": {
"name": "Apple iPadOS 17.7.3",
"product_id": "T039803-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:17.7.3"
}
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-44201",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44201"
},
{
"cve": "CVE-2024-44225",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44225"
},
{
"cve": "CVE-2024-44245",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44245"
},
{
"cve": "CVE-2024-44246",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44246"
},
{
"cve": "CVE-2024-44276",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44276"
},
{
"cve": "CVE-2024-45490",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-54479",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54479"
},
{
"cve": "CVE-2024-54485",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54485"
},
{
"cve": "CVE-2024-54486",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54486"
},
{
"cve": "CVE-2024-54492",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54492"
},
{
"cve": "CVE-2024-54494",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54494"
},
{
"cve": "CVE-2024-54500",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54500"
},
{
"cve": "CVE-2024-54501",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54501"
},
{
"cve": "CVE-2024-54502",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54502"
},
{
"cve": "CVE-2024-54503",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54503"
},
{
"cve": "CVE-2024-54505",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54505"
},
{
"cve": "CVE-2024-54508",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54508"
},
{
"cve": "CVE-2024-54510",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54510"
},
{
"cve": "CVE-2024-54512",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54512"
},
{
"cve": "CVE-2024-54513",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54513"
},
{
"cve": "CVE-2024-54514",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54514"
},
{
"cve": "CVE-2024-54526",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54526"
},
{
"cve": "CVE-2024-54527",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54527"
},
{
"cve": "CVE-2024-54534",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54534"
},
{
"cve": "CVE-2025-24091",
"product_status": {
"known_affected": [
"T039803",
"T039802",
"T039801"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2025-24091"
}
]
}
WID-SEC-W-2024-3692
Vulnerability from csaf_certbund - Published: 2024-12-11 23:00 - Updated: 2025-08-31 22:00Summary
Apple macOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Man-in-the-Middle-Angriff durchzuführen.
Betroffene Betriebssysteme: - MacOS X
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <14.7.2
Apple / macOS
|
<14.7.2 | ||
|
Apple macOS <15.2
Apple / macOS
|
<15.2 | ||
|
Apple macOS <13.7.2
Apple / macOS
|
<13.7.2 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsma\u00dfnahmen zu umgehen oder einen Man-in-the-Middle-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3692 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3692.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3692 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3692"
},
{
"category": "external",
"summary": "Apple Security Announce vom 2024-12-11",
"url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00002.html"
},
{
"category": "external",
"summary": "Apple Security Announce vom 2024-12-11",
"url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00003.html"
},
{
"category": "external",
"summary": "Apple Security Announce vom 2024-12-11",
"url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00004.html"
},
{
"category": "external",
"summary": "Mickey\u0027s Blogs vom 2025-01-08",
"url": "https://jhftss.github.io/CVE-2024-54527-MediaLibraryService-Full-TCC-Bypass/"
},
{
"category": "external",
"summary": "Cyber Security News vom 2025-01-12",
"url": "https://cybersecuritynews.com/macos-sandbox-vulnerability-cve-2024-54498-poc-exploit-released/"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2025-01-12",
"url": "https://github.com/koreacsl/SysBumps"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-31T22:00:00.000+00:00",
"generator": {
"date": "2025-09-01T07:26:22.133+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-3692",
"initial_release_date": "2024-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "2",
"summary": "PoC aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "3",
"summary": "weiterer PoC aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "4",
"summary": "weiteren PoC aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "5",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2025-03-24T23:00:00.000+00:00",
"number": "6",
"summary": "CVE-Nummern erg\u00e4nzt"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "7",
"summary": "CVE-2024-44271, CVE-2024-54568 aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: EUVD-2024-54931"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.2",
"product": {
"name": "Apple macOS \u003c15.2",
"product_id": "T039820"
}
},
{
"category": "product_version",
"name": "15.2",
"product": {
"name": "Apple macOS 15.2",
"product_id": "T039820-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:15.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.7.2",
"product": {
"name": "Apple macOS \u003c14.7.2",
"product_id": "T039821"
}
},
{
"category": "product_version",
"name": "14.7.2",
"product": {
"name": "Apple macOS 14.7.2",
"product_id": "T039821-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:14.7.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.7.2",
"product": {
"name": "Apple macOS \u003c13.7.2",
"product_id": "T039822"
}
},
{
"category": "product_version",
"name": "13.7.2",
"product": {
"name": "Apple macOS 13.7.2",
"product_id": "T039822-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:13.7.2"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32395",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2023-32395"
},
{
"cve": "CVE-2024-44201",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44201"
},
{
"cve": "CVE-2024-44220",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44220"
},
{
"cve": "CVE-2024-44224",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44224"
},
{
"cve": "CVE-2024-44225",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44225"
},
{
"cve": "CVE-2024-44243",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44243"
},
{
"cve": "CVE-2024-44245",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44245"
},
{
"cve": "CVE-2024-44246",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44246"
},
{
"cve": "CVE-2024-44248",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44248"
},
{
"cve": "CVE-2024-44271",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44271"
},
{
"cve": "CVE-2024-44291",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44291"
},
{
"cve": "CVE-2024-44300",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-44300"
},
{
"cve": "CVE-2024-45490",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-54465",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54465"
},
{
"cve": "CVE-2024-54466",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54466"
},
{
"cve": "CVE-2024-54468",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54468"
},
{
"cve": "CVE-2024-54474",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54474"
},
{
"cve": "CVE-2024-54475",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54475"
},
{
"cve": "CVE-2024-54476",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54476"
},
{
"cve": "CVE-2024-54477",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54477"
},
{
"cve": "CVE-2024-54479",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54479"
},
{
"cve": "CVE-2024-54484",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54484"
},
{
"cve": "CVE-2024-54486",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54486"
},
{
"cve": "CVE-2024-54488",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54488"
},
{
"cve": "CVE-2024-54489",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54489"
},
{
"cve": "CVE-2024-54490",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54490"
},
{
"cve": "CVE-2024-54491",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54491"
},
{
"cve": "CVE-2024-54492",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54492"
},
{
"cve": "CVE-2024-54493",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54493"
},
{
"cve": "CVE-2024-54494",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54494"
},
{
"cve": "CVE-2024-54495",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54495"
},
{
"cve": "CVE-2024-54498",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54498"
},
{
"cve": "CVE-2024-54499",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54499"
},
{
"cve": "CVE-2024-54500",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54500"
},
{
"cve": "CVE-2024-54501",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54501"
},
{
"cve": "CVE-2024-54502",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54502"
},
{
"cve": "CVE-2024-54504",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54504"
},
{
"cve": "CVE-2024-54505",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54505"
},
{
"cve": "CVE-2024-54506",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54506"
},
{
"cve": "CVE-2024-54507",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54507"
},
{
"cve": "CVE-2024-54508",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54508"
},
{
"cve": "CVE-2024-54510",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54510"
},
{
"cve": "CVE-2024-54513",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54513"
},
{
"cve": "CVE-2024-54514",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54514"
},
{
"cve": "CVE-2024-54515",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54515"
},
{
"cve": "CVE-2024-54516",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54516"
},
{
"cve": "CVE-2024-54517",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54517"
},
{
"cve": "CVE-2024-54518",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54518"
},
{
"cve": "CVE-2024-54519",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54519"
},
{
"cve": "CVE-2024-54520",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54520"
},
{
"cve": "CVE-2024-54522",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54522"
},
{
"cve": "CVE-2024-54523",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54523"
},
{
"cve": "CVE-2024-54524",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54524"
},
{
"cve": "CVE-2024-54525",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54525"
},
{
"cve": "CVE-2024-54526",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54526"
},
{
"cve": "CVE-2024-54527",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54527"
},
{
"cve": "CVE-2024-54528",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54528"
},
{
"cve": "CVE-2024-54529",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54529"
},
{
"cve": "CVE-2024-54530",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54530"
},
{
"cve": "CVE-2024-54531",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54531"
},
{
"cve": "CVE-2024-54534",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54534"
},
{
"cve": "CVE-2024-54536",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54536"
},
{
"cve": "CVE-2024-54537",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54537"
},
{
"cve": "CVE-2024-54539",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54539"
},
{
"cve": "CVE-2024-54541",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54541"
},
{
"cve": "CVE-2024-54542",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54542"
},
{
"cve": "CVE-2024-54547",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54547"
},
{
"cve": "CVE-2024-54549",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54549"
},
{
"cve": "CVE-2024-54550",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54550"
},
{
"cve": "CVE-2024-54557",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54557"
},
{
"cve": "CVE-2024-54559",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54559"
},
{
"cve": "CVE-2024-54565",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54565"
},
{
"cve": "CVE-2024-54568",
"product_status": {
"known_affected": [
"T039821",
"T039820",
"T039822"
]
},
"release_date": "2024-12-11T23:00:00.000+00:00",
"title": "CVE-2024-54568"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…