SUSE-SU-2023:4367-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234367-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4367-1
Upstream
Related
Published
2023-11-05T16:28:40Z
Modified
2025-05-02T04:33:52.755021Z
Summary
Security update for apache-ivy
Details

This update for apache-ivy fixes the following issues:

  • Upgrade to version 2.5.2 (bsc#1214422)
  • CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. (bsc#1214422)
References

Affected packages

openSUSE:Leap 15.4
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/opensuse/apache-ivy&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy-javadoc": "2.5.2-150200.3.9.1",
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
openSUSE:Leap 15.5
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/opensuse/apache-ivy&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy-javadoc": "2.5.2-150200.3.9.1",
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Enterprise Storage 7.1
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Module for Development Tools 15 SP4
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Module for Development Tools 15 SP5
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Server 15 SP2-LTSS
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Server 15 SP3-LTSS
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Server for SAP Applications 15 SP2
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"
SUSE:Linux Enterprise Server for SAP Applications 15 SP3
apache-ivy

Package

Name
apache-ivy
Purl
pkg:rpm/suse/apache-ivy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.2-150200.3.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "apache-ivy": "2.5.2-150200.3.9.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4367-1.json"