openSUSE-SU-2022:0038-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0038-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:0038-1
Related
Published
2022-02-16T14:29:17Z
Modified
2022-02-16T14:29:17Z
Summary
Security update for kafka
Details

This update for kafka, kafka-kit fixes following issues:

  • Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305, bsc#1194844, CVE-2022-23307

  • Rebuild with kafka-kit change to Remove JMSAppender from log4j jars during build to prevent bsc#1193662, CVE-2021-4104

References

Affected packages

SUSE:Package Hub 15 SP3 / kafka

Package

Name
kafka
Purl
pkg:rpm/suse/kafka&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

SUSE:Package Hub 15 SP3 / kafka-kit

Package

Name
kafka-kit
Purl
pkg:rpm/suse/kafka-kit&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

openSUSE:Leap 15.3 / kafka

Package

Name
kafka
Purl
pkg:rpm/opensuse/kafka&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

openSUSE:Leap 15.3 / kafka-kit

Package

Name
kafka-kit
Purl
pkg:rpm/opensuse/kafka-kit&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.0-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}