Security update for groovy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2367-1 Final 1 1 2020-12-31T19:21:44Z current 2020-12-31T19:21:44Z 2020-12-31T19:21:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for groovy This update for groovy fixes the following issues: - groovy was updated to 2.4.21 - CVE-2020-17521: Fixed an information disclosure vulnerability (bsc#1179729). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2367 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VYXXLFFWNBEOWRTRF6VZBDCDBSGYTI4L/ E-Mail link for openSUSE-SU-2020:2367-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179729 SUSE Bug 1179729 https://www.suse.com/security/cve/CVE-2020-17521/ SUSE CVE CVE-2020-17521 page openSUSE Leap 15.2 groovy-2.4.21-lp152.2.3.2 groovy-ant-2.4.21-lp152.2.3.2 groovy-bsf-2.4.21-lp152.2.3.2 groovy-console-2.4.21-lp152.2.3.2 groovy-docgenerator-2.4.21-lp152.2.3.2 groovy-groovydoc-2.4.21-lp152.2.3.2 groovy-groovysh-2.4.21-lp152.2.3.2 groovy-jmx-2.4.21-lp152.2.3.2 groovy-json-2.4.21-lp152.2.3.2 groovy-jsr223-2.4.21-lp152.2.3.2 groovy-lib-2.4.21-lp152.2.3.2 groovy-nio-2.4.21-lp152.2.3.2 groovy-servlet-2.4.21-lp152.2.3.2 groovy-sql-2.4.21-lp152.2.3.2 groovy-swing-2.4.21-lp152.2.3.2 groovy-templates-2.4.21-lp152.2.3.2 groovy-test-2.4.21-lp152.2.3.2 groovy-testng-2.4.21-lp152.2.3.2 groovy-xml-2.4.21-lp152.2.3.2 groovy-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-ant-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-bsf-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-console-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-docgenerator-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-groovydoc-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-groovysh-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-jmx-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-json-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-jsr223-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-lib-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-nio-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-servlet-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-sql-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-swing-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-templates-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-test-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-testng-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 groovy-xml-2.4.21-lp152.2.3.2 as a component of openSUSE Leap 15.2 Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. CVE-2020-17521 openSUSE Leap 15.2:groovy-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-ant-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-bsf-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-console-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-docgenerator-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-groovydoc-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-groovysh-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-jmx-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-json-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-jsr223-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-lib-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-nio-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-servlet-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-sql-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-swing-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-templates-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-test-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-testng-2.4.21-lp152.2.3.2 openSUSE Leap 15.2:groovy-xml-2.4.21-lp152.2.3.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VYXXLFFWNBEOWRTRF6VZBDCDBSGYTI4L/ https://www.suse.com/security/cve/CVE-2020-17521.html CVE-2020-17521 https://bugzilla.suse.com/1179729 SUSE Bug 1179729