Security update for apache-commons-configuration SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1377-1 Final 1 1 2024-04-22T15:02:45Z current 2024-04-22T15:02:45Z 2024-04-22T15:02:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for apache-commons-configuration This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/apache-pulsar:3.3-2024-1377,SUSE-2024-1377,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1377,openSUSE-SLE-15.5-2024-1377 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241377-1/ Link for SUSE-SU-2024:1377-1 https://lists.suse.com/pipermail/sle-updates/2024-April/035050.html E-Mail link for SUSE-SU-2024:1377-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1221793 SUSE Bug 1221793 https://bugzilla.suse.com/1221797 SUSE Bug 1221797 https://www.suse.com/security/cve/CVE-2024-29131/ SUSE CVE CVE-2024-29131 page https://www.suse.com/security/cve/CVE-2024-29133/ SUSE CVE CVE-2024-29133 page Container containers/apache-pulsar:3.3 SUSE Linux Enterprise Module for Development Tools 15 SP5 openSUSE Leap 15.5 apache-commons-configuration-1.10-150200.3.11.1 apache-commons-configuration-javadoc-1.10-150200.3.11.1 apache-commons-configuration-1.10-150200.3.11.1 as a component of Container containers/apache-pulsar:3.3 apache-commons-configuration-1.10-150200.3.11.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 apache-commons-configuration-1.10-150200.3.11.1 as a component of openSUSE Leap 15.5 apache-commons-configuration-javadoc-1.10-150200.3.11.1 as a component of openSUSE Leap 15.5 Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. CVE-2024-29131 Container containers/apache-pulsar:3.3:apache-commons-configuration-1.10-150200.3.11.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration-1.10-150200.3.11.1 openSUSE Leap 15.5:apache-commons-configuration-1.10-150200.3.11.1 openSUSE Leap 15.5:apache-commons-configuration-javadoc-1.10-150200.3.11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241377-1/ https://www.suse.com/security/cve/CVE-2024-29131.html CVE-2024-29131 https://bugzilla.suse.com/1221797 SUSE Bug 1221797 Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. CVE-2024-29133 Container containers/apache-pulsar:3.3:apache-commons-configuration-1.10-150200.3.11.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:apache-commons-configuration-1.10-150200.3.11.1 openSUSE Leap 15.5:apache-commons-configuration-1.10-150200.3.11.1 openSUSE Leap 15.5:apache-commons-configuration-javadoc-1.10-150200.3.11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241377-1/ https://www.suse.com/security/cve/CVE-2024-29133.html CVE-2024-29133 https://bugzilla.suse.com/1221793 SUSE Bug 1221793