Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-11761 (GCVE-0-2018-11761)
Vulnerability from cvelistv5
Published
2018-09-19 14:00
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service via XML Entity Expansion
Summary
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tika |
Version: 0.1 to 1.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105514",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tika",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.1 to 1.18"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service via XML Entity Expansion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T19:07:08",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "105514",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-19T00:00:00",
"ID": "CVE-2018-11761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tika",
"version": {
"version_data": [
{
"version_value": "0.1 to 1.18"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service via XML Entity Expansion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11761",
"datePublished": "2018-09-19T14:00:00Z",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-09-16T18:39:59.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-11761\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-09-19T14:29:00.287\",\"lastModified\":\"2024-11-21T03:43:58.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.\"},{\"lang\":\"es\",\"value\":\"En Apache Tika desde la versi\u00f3n 0.1 hasta la 1.18, los analizadores XML no estaban configurados para limitar la expansi\u00f3n de las entidades. Por lo tanto, eran vulnerables a una expansi\u00f3n de entidades, lo que podr\u00eda conducir a un ataque de denegaci\u00f3n de servicio (DoS).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.1\",\"versionEndIncluding\":\"1.18\",\"matchCriteriaId\":\"E4CDD0DD-833B-43B3-8701-2C3CF76F7515\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105514\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
fkie_cve-2018-11761
Vulnerability from fkie_nvd
Published
2018-09-19 14:29
Modified
2024-11-21 03:43
Severity ?
Summary
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.securityfocus.com/bid/105514 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E | ||
| security@apache.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105514 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tika | * | |
| oracle | business_process_management_suite | 12.1.3.0.0 | |
| oracle | business_process_management_suite | 12.2.1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CDD0DD-833B-43B3-8701-2C3CF76F7515",
"versionEndIncluding": "1.18",
"versionStartIncluding": "0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
},
{
"lang": "es",
"value": "En Apache Tika desde la versi\u00f3n 0.1 hasta la 1.18, los analizadores XML no estaban configurados para limitar la expansi\u00f3n de las entidades. Por lo tanto, eran vulnerables a una expansi\u00f3n de entidades, lo que podr\u00eda conducir a un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-11761",
"lastModified": "2024-11-21T03:43:58.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T14:29:00.287",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105514"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421%40%3Cdev.tika.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-ru-2018:4018-1
Vulnerability from csaf_suse
Published
2018-12-07 12:25
Modified
2018-12-07 12:25
Summary
Security update for SUSE Manager Server 3.2
Notes
Title of the patch
Security update for SUSE Manager Server 3.2
Description of the patch
This update fixes the following issues:
apache-mybatis:
- Install missing LICENSE.txt file (bsc#1114814)
cobbler:
- Fix service restart after logrotate for cobblerd (bsc#1113747)
- Rotate cobbler logs at higher frequency to prevent disk fillup
(bsc#1113747)
hadoop:
- Install missing LICENSE.txt file (bsc#1114814)
image-sync-formula:
- Handle empty images pillar (bsc#1105359)
lucene:
- Install missing LICENSE.txt file (bsc#1114814)
nekohtml:
- Install missing LICENSE.txt file (bsc#1114814)
nutch-core:
- Install missing LICENSE.txt file (bsc#1114814)
- Add conditional requirement for java 1.8
- Use java >= 1.8 - required by tika 0.19.1
to /var/log/nutch (bsc#1107869)
- Add new tarball file for v1.0.1
- Bump up version to 1.0.1 and fix paths
- Adjustments after upgrade of tika-core to v1.19
picocontainer:
- Install missing LICENSE.txt file (bsc#1114814)
python-susemanager-retail:
- Improve error reporting on duplicate systems
- Output partition size as int (bsc#1116517)
- Start partition numbers from 1
- Warn on long group names
- Improved logging support
- Add retail_yaml --only-new option
- Print import summary (bsc#1112754)
- Add retail_migration tool
- Check for duplicate addresses in yaml (bsc#1111497)
salt-netapi-client:
- Version 0.15.0
See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0
saltboot-formula:
- Send pxe_update by external command to make sure it is finished
(bsc#1111387)
- Better error message on missing partitioning pillar (bsc#1110625)
spacecmd:
- Show group id on group_details (bsc#1111542)
- State channels handling: Existing commands configchannel_create and configchannel_import were updated
while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.
spacewalk-branding:
- Automatic cleanup of notification messages after a configurable lifetime
- ActivationKey base and child channel in a reactjs component
- New messages are added for XMLRPC API for state channels
spacewalk-config:
- Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181)
spacewalk-java:
- Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint
- Fix scheduling jobs to prevent forever pending events (bsc#1114991)
- Performance improvements for group listings and detail page (bsc#1111810)
- Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)
- Add check if ssh-file permissions are correct (bsc#1114181)
- Increase maximum number of threads and open files for taskomatic (bsc#1111966)
- When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)
- Allow listing empty system profiles via XMLRPC
- Automatic cleanup of notification messages after a configurable lifetime
- Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)
- Do not try cleanup when deleting empty system profiles (bsc#1111247)
- Better error handling when a websocket connection is aborted (bsc#1080474)
- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)
- Cleanup formula data and assignment when migrating formulas or when removing system
- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
- Added shortcut for editing Software Channel
- Fix permissions check on formula list api call (bsc#1106626)
- Add sp migration dry runs to the daily status report (bsc#1083094)
spacewalk-search:
- Fix nutch-core path (bsc#1112445)
spacewalk-setup:
- Increase maximum number of threads and open files for taskomatic (bsc#1111966)
spacewalk-utils:
- Fix typo at --phases option help
spacewalk-web:
- Make datetimepicker update displayed time (bsc#1041999)
- Show human-readable system cleanup error messages
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)
susemanager:
- Add new option --with-parent-channel to mgr-create-bootrap-repo
to specify parent channel to use if multiple options are available
(bsc#1104487)
susemanager-docs_en:
- Update text and image files.
- Add information about SLE12 SP4 as base OS for Server and Proxy
susemanager-frontend-libs:
- Fix package version (bsc#1115449)
susemanager-schema:
- Automatic cleanup of notification messages after a configurable lifetime
- Add missing minion-action-chain-cleanup to db init scripts
susemanager-sls:
- Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)
susemanager-sync-data:
- SUSE OpenStack Cloud 9 enablement (bsc#1113557)
- Add SUSE Manager 3.1 and 3.2 to SLES12 SP4
tika-core:
- Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)
- Install missing LICENSE.txt file (bsc#1114814)
- New upstream version (0.19.1)
Patchnames
SUSE-SUSE-Manager-Proxy-3.2-2018-2869,SUSE-SUSE-Manager-Server-3.2-2018-2869
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 3.2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\napache-mybatis:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\ncobbler:\n\n- Fix service restart after logrotate for cobblerd (bsc#1113747)\n- Rotate cobbler logs at higher frequency to prevent disk fillup\n (bsc#1113747)\n\nhadoop:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nimage-sync-formula:\n\n- Handle empty images pillar (bsc#1105359)\n\nlucene:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nnekohtml:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nnutch-core:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n- Add conditional requirement for java 1.8 \n- Use java \u003e= 1.8 - required by tika 0.19.1 \n to /var/log/nutch (bsc#1107869)\n- Add new tarball file for v1.0.1\n- Bump up version to 1.0.1 and fix paths\n- Adjustments after upgrade of tika-core to v1.19 \n\npicocontainer:\n\n- Install missing LICENSE.txt file (bsc#1114814) \n\npython-susemanager-retail:\n\n- Improve error reporting on duplicate systems\n- Output partition size as int (bsc#1116517)\n- Start partition numbers from 1\n- Warn on long group names\n- Improved logging support\n- Add retail_yaml --only-new option\n- Print import summary (bsc#1112754)\n- Add retail_migration tool\n- Check for duplicate addresses in yaml (bsc#1111497)\n\nsalt-netapi-client:\n\n- Version 0.15.0\n See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0\n\nsaltboot-formula:\n\n- Send pxe_update by external command to make sure it is finished\n (bsc#1111387)\n- Better error message on missing partitioning pillar (bsc#1110625)\n\nspacecmd:\n\n- Show group id on group_details (bsc#1111542)\n- State channels handling: Existing commands configchannel_create and configchannel_import were updated\n while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.\n\nspacewalk-branding:\n\n- Automatic cleanup of notification messages after a configurable lifetime\n- ActivationKey base and child channel in a reactjs component\n- New messages are added for XMLRPC API for state channels\n\nspacewalk-config:\n\n- Add permissions for tomcat \u0026 apache to check bootstrap ssh file (bsc#1114181)\n\nspacewalk-java:\n\n- Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint\n- Fix scheduling jobs to prevent forever pending events (bsc#1114991)\n- Performance improvements for group listings and detail page (bsc#1111810)\n- Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)\n- Add check if ssh-file permissions are correct (bsc#1114181)\n- Increase maximum number of threads and open files for taskomatic (bsc#1111966)\n- When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)\n- Allow listing empty system profiles via XMLRPC\n- Automatic cleanup of notification messages after a configurable lifetime\n- Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)\n- Do not try cleanup when deleting empty system profiles (bsc#1111247)\n- Better error handling when a websocket connection is aborted (bsc#1080474)\n- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)\n- ActivationKey base and child channel in a reactjs component\n- Fix typo in messages (bsc#1111249)\n- Cleanup formula data and assignment when migrating formulas or when removing system\n- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)\n- Added shortcut for editing Software Channel\n- Fix permissions check on formula list api call (bsc#1106626)\n- Add sp migration dry runs to the daily status report (bsc#1083094)\n\nspacewalk-search:\n\n- Fix nutch-core path (bsc#1112445)\n\nspacewalk-setup:\n\n- Increase maximum number of threads and open files for taskomatic (bsc#1111966)\n\nspacewalk-utils:\n\n- Fix typo at --phases option help\n\nspacewalk-web:\n\n- Make datetimepicker update displayed time (bsc#1041999)\n- Show human-readable system cleanup error messages\n- ActivationKey base and child channel in a reactjs component\n- Fix typo in messages (bsc#1111249)\n\nsusemanager:\n\n- Add new option --with-parent-channel to mgr-create-bootrap-repo\n to specify parent channel to use if multiple options are available\n (bsc#1104487)\n\nsusemanager-docs_en:\n\n- Update text and image files.\n- Add information about SLE12 SP4 as base OS for Server and Proxy\n\nsusemanager-frontend-libs:\n\n- Fix package version (bsc#1115449)\n\nsusemanager-schema:\n\n- Automatic cleanup of notification messages after a configurable lifetime\n- Add missing minion-action-chain-cleanup to db init scripts\n\nsusemanager-sls:\n\n- Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)\n\nsusemanager-sync-data:\n\n- SUSE OpenStack Cloud 9 enablement (bsc#1113557)\n- Add SUSE Manager 3.1 and 3.2 to SLES12 SP4\n\ntika-core:\n\n- Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)\n- Install missing LICENSE.txt file (bsc#1114814)\n- New upstream version (0.19.1) \n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SUSE-Manager-Proxy-3.2-2018-2869,SUSE-SUSE-Manager-Server-3.2-2018-2869",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2018_4018-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2018:4018-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20184018-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2018:4018-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2018-December/010230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1041999",
"url": "https://bugzilla.suse.com/1041999"
},
{
"category": "self",
"summary": "SUSE Bug 1080474",
"url": "https://bugzilla.suse.com/1080474"
},
{
"category": "self",
"summary": "SUSE Bug 1083094",
"url": "https://bugzilla.suse.com/1083094"
},
{
"category": "self",
"summary": "SUSE Bug 1104487",
"url": "https://bugzilla.suse.com/1104487"
},
{
"category": "self",
"summary": "SUSE Bug 1105359",
"url": "https://bugzilla.suse.com/1105359"
},
{
"category": "self",
"summary": "SUSE Bug 1105724",
"url": "https://bugzilla.suse.com/1105724"
},
{
"category": "self",
"summary": "SUSE Bug 1106430",
"url": "https://bugzilla.suse.com/1106430"
},
{
"category": "self",
"summary": "SUSE Bug 1106626",
"url": "https://bugzilla.suse.com/1106626"
},
{
"category": "self",
"summary": "SUSE Bug 1107869",
"url": "https://bugzilla.suse.com/1107869"
},
{
"category": "self",
"summary": "SUSE Bug 1109235",
"url": "https://bugzilla.suse.com/1109235"
},
{
"category": "self",
"summary": "SUSE Bug 1110361",
"url": "https://bugzilla.suse.com/1110361"
},
{
"category": "self",
"summary": "SUSE Bug 1110625",
"url": "https://bugzilla.suse.com/1110625"
},
{
"category": "self",
"summary": "SUSE Bug 1111247",
"url": "https://bugzilla.suse.com/1111247"
},
{
"category": "self",
"summary": "SUSE Bug 1111249",
"url": "https://bugzilla.suse.com/1111249"
},
{
"category": "self",
"summary": "SUSE Bug 1111387",
"url": "https://bugzilla.suse.com/1111387"
},
{
"category": "self",
"summary": "SUSE Bug 1111497",
"url": "https://bugzilla.suse.com/1111497"
},
{
"category": "self",
"summary": "SUSE Bug 1111542",
"url": "https://bugzilla.suse.com/1111542"
},
{
"category": "self",
"summary": "SUSE Bug 1111810",
"url": "https://bugzilla.suse.com/1111810"
},
{
"category": "self",
"summary": "SUSE Bug 1111966",
"url": "https://bugzilla.suse.com/1111966"
},
{
"category": "self",
"summary": "SUSE Bug 1112163",
"url": "https://bugzilla.suse.com/1112163"
},
{
"category": "self",
"summary": "SUSE Bug 1112445",
"url": "https://bugzilla.suse.com/1112445"
},
{
"category": "self",
"summary": "SUSE Bug 1112754",
"url": "https://bugzilla.suse.com/1112754"
},
{
"category": "self",
"summary": "SUSE Bug 1113557",
"url": "https://bugzilla.suse.com/1113557"
},
{
"category": "self",
"summary": "SUSE Bug 1113747",
"url": "https://bugzilla.suse.com/1113747"
},
{
"category": "self",
"summary": "SUSE Bug 1114181",
"url": "https://bugzilla.suse.com/1114181"
},
{
"category": "self",
"summary": "SUSE Bug 1114362",
"url": "https://bugzilla.suse.com/1114362"
},
{
"category": "self",
"summary": "SUSE Bug 1114814",
"url": "https://bugzilla.suse.com/1114814"
},
{
"category": "self",
"summary": "SUSE Bug 1114991",
"url": "https://bugzilla.suse.com/1114991"
},
{
"category": "self",
"summary": "SUSE Bug 1115449",
"url": "https://bugzilla.suse.com/1115449"
},
{
"category": "self",
"summary": "SUSE Bug 1116517",
"url": "https://bugzilla.suse.com/1116517"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11761 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11761/"
}
],
"title": "Security update for SUSE Manager Server 3.2",
"tracking": {
"current_release_date": "2018-12-07T12:25:18Z",
"generator": {
"date": "2018-12-07T12:25:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2018:4018-1",
"initial_release_date": "2018-12-07T12:25:18Z",
"revision_history": [
{
"date": "2018-12-07T12:25:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "apache-mybatis-3.2.3-3.3.3.noarch",
"product": {
"name": "apache-mybatis-3.2.3-3.3.3.noarch",
"product_id": "apache-mybatis-3.2.3-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-2.6.6-6.10.3.noarch",
"product": {
"name": "cobbler-2.6.6-6.10.3.noarch",
"product_id": "cobbler-2.6.6-6.10.3.noarch"
}
},
{
"category": "product_version",
"name": "hadoop-0.18.1-3.3.3.noarch",
"product": {
"name": "hadoop-0.18.1-3.3.3.noarch",
"product_id": "hadoop-0.18.1-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product": {
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product_id": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "lucene-2.4.1-4.3.3.noarch",
"product": {
"name": "lucene-2.4.1-4.3.3.noarch",
"product_id": "lucene-2.4.1-4.3.3.noarch"
}
},
{
"category": "product_version",
"name": "nekohtml-1.9.21-3.3.3.noarch",
"product": {
"name": "nekohtml-1.9.21-3.3.3.noarch",
"product_id": "nekohtml-1.9.21-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "nutch-core-1.0.1-7.10.3.noarch",
"product": {
"name": "nutch-core-1.0.1-7.10.3.noarch",
"product_id": "nutch-core-1.0.1-7.10.3.noarch"
}
},
{
"category": "product_version",
"name": "picocontainer-1.3.7-3.3.3.noarch",
"product": {
"name": "picocontainer-1.3.7-3.3.3.noarch",
"product_id": "picocontainer-1.3.7-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"product": {
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"product_id": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-0.15.0-4.3.3.noarch",
"product": {
"name": "salt-netapi-client-0.15.0-4.3.3.noarch",
"product_id": "salt-netapi-client-0.15.0-4.3.3.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product": {
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product_id": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-2.8.25.7-3.9.3.noarch",
"product": {
"name": "spacecmd-2.8.25.7-3.9.3.noarch",
"product_id": "spacecmd-2.8.25.7-3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"product": {
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"product_id": "spacewalk-config-2.8.5.5-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-html-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-config-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"product": {
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"product_id": "spacewalk-search-2.8.3.7-3.12.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"product": {
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"product_id": "spacewalk-setup-2.8.7.5-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"product": {
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"product_id": "spacewalk-utils-2.8.18.3-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-docs_en-3.2-11.12.3.noarch",
"product_id": "susemanager-docs_en-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"product": {
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"product_id": "susemanager-frontend-libs-3.2.4-3.7.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-jsp_en-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-jsp_en-3.2-11.12.3.noarch",
"product_id": "susemanager-jsp_en-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-reference_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"product": {
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"product_id": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-3.2.15-3.13.3.noarch",
"product": {
"name": "susemanager-schema-3.2.15-3.13.3.noarch",
"product_id": "susemanager-schema-3.2.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-3.2.18-3.13.3.noarch",
"product": {
"name": "susemanager-sls-3.2.18-3.13.3.noarch",
"product_id": "susemanager-sls-3.2.18-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"product": {
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"product_id": "susemanager-sync-data-3.2.10-3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "tika-core-1.19.1-3.3.3.noarch",
"product": {
"name": "tika-core-1.19.1-3.3.3.noarch",
"product_id": "tika-core-1.19.1-3.3.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.ppc64le",
"product": {
"name": "susemanager-3.2.14-3.13.3.ppc64le",
"product_id": "susemanager-3.2.14-3.13.3.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"product_id": "susemanager-tools-3.2.14-3.13.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.s390x",
"product": {
"name": "susemanager-3.2.14-3.13.3.s390x",
"product_id": "susemanager-3.2.14-3.13.3.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.s390x",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.s390x",
"product_id": "susemanager-tools-3.2.14-3.13.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.x86_64",
"product": {
"name": "susemanager-3.2.14-3.13.3.x86_64",
"product_id": "susemanager-3.2.14-3.13.3.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.x86_64",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.x86_64",
"product_id": "susemanager-tools-3.2.14-3.13.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.2",
"product": {
"name": "SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.2",
"product": {
"name": "SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-mybatis-3.2.3-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch"
},
"product_reference": "apache-mybatis-3.2.3-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-2.6.6-6.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch"
},
"product_reference": "cobbler-2.6.6-6.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hadoop-0.18.1-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch"
},
"product_reference": "hadoop-0.18.1-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
},
"product_reference": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lucene-2.4.1-4.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch"
},
"product_reference": "lucene-2.4.1-4.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nekohtml-1.9.21-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch"
},
"product_reference": "nekohtml-1.9.21-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nutch-core-1.0.1-7.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch"
},
"product_reference": "nutch-core-1.0.1-7.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picocontainer-1.3.7-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch"
},
"product_reference": "picocontainer-1.3.7-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch"
},
"product_reference": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-netapi-client-0.15.0-4.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch"
},
"product_reference": "salt-netapi-client-0.15.0-4.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
},
"product_reference": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-2.8.25.7-3.9.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch"
},
"product_reference": "spacecmd-2.8.25.7-3.9.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch"
},
"product_reference": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch"
},
"product_reference": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch"
},
"product_reference": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch"
},
"product_reference": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le"
},
"product_reference": "susemanager-3.2.14-3.13.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x"
},
"product_reference": "susemanager-3.2.14-3.13.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64"
},
"product_reference": "susemanager-3.2.14-3.13.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-docs_en-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch"
},
"product_reference": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-jsp_en-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-jsp_en-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch"
},
"product_reference": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-3.2.15-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch"
},
"product_reference": "susemanager-schema-3.2.15-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-3.2.18-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch"
},
"product_reference": "susemanager-sls-3.2.18-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch"
},
"product_reference": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tika-core-1.19.1-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
},
"product_reference": "tika-core-1.19.1-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11761"
}
],
"notes": [
{
"category": "general",
"text": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11761",
"url": "https://www.suse.com/security/cve/CVE-2018-11761"
},
{
"category": "external",
"summary": "SUSE Bug 1109235 for CVE-2018-11761",
"url": "https://bugzilla.suse.com/1109235"
},
{
"category": "external",
"summary": "SUSE Bug 1111309 for CVE-2018-11761",
"url": "https://bugzilla.suse.com/1111309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-07T12:25:18Z",
"details": "low"
}
],
"title": "CVE-2018-11761"
}
]
}
suse-su-2018:4011-1
Vulnerability from csaf_suse
Published
2018-12-07 12:25
Modified
2018-12-07 12:25
Summary
Security update for SUSE Manager Server 3.2
Notes
Title of the patch
Security update for SUSE Manager Server 3.2
Description of the patch
This update fixes the following issues:
apache-mybatis:
- Install missing LICENSE.txt file (bsc#1114814)
cobbler:
- Fix service restart after logrotate for cobblerd (bsc#1113747)
- Rotate cobbler logs at higher frequency to prevent disk fillup
(bsc#1113747)
hadoop:
- Install missing LICENSE.txt file (bsc#1114814)
image-sync-formula:
- Handle empty images pillar (bsc#1105359)
lucene:
- Install missing LICENSE.txt file (bsc#1114814)
nekohtml:
- Install missing LICENSE.txt file (bsc#1114814)
nutch-core:
- Install missing LICENSE.txt file (bsc#1114814)
- Add conditional requirement for java 1.8
- Use java >= 1.8 - required by tika 0.19.1
to /var/log/nutch (bsc#1107869)
- Add new tarball file for v1.0.1
- Bump up version to 1.0.1 and fix paths
- Adjustments after upgrade of tika-core to v1.19
picocontainer:
- Install missing LICENSE.txt file (bsc#1114814)
python-susemanager-retail:
- Improve error reporting on duplicate systems
- Output partition size as int (bsc#1116517)
- Start partition numbers from 1
- Warn on long group names
- Improved logging support
- Add retail_yaml --only-new option
- Print import summary (bsc#1112754)
- Add retail_migration tool
- Check for duplicate addresses in yaml (bsc#1111497)
salt-netapi-client:
- Version 0.15.0
See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0
saltboot-formula:
- Send pxe_update by external command to make sure it is finished
(bsc#1111387)
- Better error message on missing partitioning pillar (bsc#1110625)
spacecmd:
- Show group id on group_details (bsc#1111542)
- State channels handling: Existing commands configchannel_create and configchannel_import were updated
while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.
spacewalk-branding:
- Automatic cleanup of notification messages after a configurable lifetime
- ActivationKey base and child channel in a reactjs component
- New messages are added for XMLRPC API for state channels
spacewalk-config:
- Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181)
spacewalk-java:
- Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint
- Fix scheduling jobs to prevent forever pending events (bsc#1114991)
- Performance improvements for group listings and detail page (bsc#1111810)
- Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)
- Add check if ssh-file permissions are correct (bsc#1114181)
- Increase maximum number of threads and open files for taskomatic (bsc#1111966)
- When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)
- Allow listing empty system profiles via XMLRPC
- Automatic cleanup of notification messages after a configurable lifetime
- Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)
- Do not try cleanup when deleting empty system profiles (bsc#1111247)
- Better error handling when a websocket connection is aborted (bsc#1080474)
- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)
- Cleanup formula data and assignment when migrating formulas or when removing system
- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
- Added shortcut for editing Software Channel
- Fix permissions check on formula list api call (bsc#1106626)
- Add sp migration dry runs to the daily status report (bsc#1083094)
spacewalk-search:
- Fix nutch-core path (bsc#1112445)
spacewalk-setup:
- Increase maximum number of threads and open files for taskomatic (bsc#1111966)
spacewalk-utils:
- Fix typo at --phases option help
spacewalk-web:
- Make datetimepicker update displayed time (bsc#1041999)
- Show human-readable system cleanup error messages
- ActivationKey base and child channel in a reactjs component
- Fix typo in messages (bsc#1111249)
susemanager:
- Add new option --with-parent-channel to mgr-create-bootrap-repo
to specify parent channel to use if multiple options are available
(bsc#1104487)
susemanager-docs_en:
- Update text and image files.
- Add information about SLE12 SP4 as base OS for Server and Proxy
susemanager-frontend-libs:
- Fix package version (bsc#1115449)
susemanager-schema:
- Automatic cleanup of notification messages after a configurable lifetime
- Add missing minion-action-chain-cleanup to db init scripts
susemanager-sls:
- Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)
susemanager-sync-data:
- SUSE OpenStack Cloud 9 enablement (bsc#1113557)
- Add SUSE Manager 3.1 and 3.2 to SLES12 SP4
tika-core:
- Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)
- Install missing LICENSE.txt file (bsc#1114814)
- New upstream version (0.19.1)
Patchnames
SUSE-SUSE-Manager-Proxy-3.2-2018-2869,SUSE-SUSE-Manager-Server-3.2-2018-2869
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 3.2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\napache-mybatis:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\ncobbler:\n\n- Fix service restart after logrotate for cobblerd (bsc#1113747)\n- Rotate cobbler logs at higher frequency to prevent disk fillup\n (bsc#1113747)\n\nhadoop:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nimage-sync-formula:\n\n- Handle empty images pillar (bsc#1105359)\n\nlucene:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nnekohtml:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n\nnutch-core:\n\n- Install missing LICENSE.txt file (bsc#1114814)\n- Add conditional requirement for java 1.8 \n- Use java \u003e= 1.8 - required by tika 0.19.1 \n to /var/log/nutch (bsc#1107869)\n- Add new tarball file for v1.0.1\n- Bump up version to 1.0.1 and fix paths\n- Adjustments after upgrade of tika-core to v1.19 \n\npicocontainer:\n\n- Install missing LICENSE.txt file (bsc#1114814) \n\npython-susemanager-retail:\n\n- Improve error reporting on duplicate systems\n- Output partition size as int (bsc#1116517)\n- Start partition numbers from 1\n- Warn on long group names\n- Improved logging support\n- Add retail_yaml --only-new option\n- Print import summary (bsc#1112754)\n- Add retail_migration tool\n- Check for duplicate addresses in yaml (bsc#1111497)\n\nsalt-netapi-client:\n\n- Version 0.15.0\n See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0\n\nsaltboot-formula:\n\n- Send pxe_update by external command to make sure it is finished\n (bsc#1111387)\n- Better error message on missing partitioning pillar (bsc#1110625)\n\nspacecmd:\n\n- Show group id on group_details (bsc#1111542)\n- State channels handling: Existing commands configchannel_create and configchannel_import were updated\n while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.\n\nspacewalk-branding:\n\n- Automatic cleanup of notification messages after a configurable lifetime\n- ActivationKey base and child channel in a reactjs component\n- New messages are added for XMLRPC API for state channels\n\nspacewalk-config:\n\n- Add permissions for tomcat \u0026 apache to check bootstrap ssh file (bsc#1114181)\n\nspacewalk-java:\n\n- Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint\n- Fix scheduling jobs to prevent forever pending events (bsc#1114991)\n- Performance improvements for group listings and detail page (bsc#1111810)\n- Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)\n- Add check if ssh-file permissions are correct (bsc#1114181)\n- Increase maximum number of threads and open files for taskomatic (bsc#1111966)\n- When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)\n- Allow listing empty system profiles via XMLRPC\n- Automatic cleanup of notification messages after a configurable lifetime\n- Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)\n- Do not try cleanup when deleting empty system profiles (bsc#1111247)\n- Better error handling when a websocket connection is aborted (bsc#1080474)\n- Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)\n- ActivationKey base and child channel in a reactjs component\n- Fix typo in messages (bsc#1111249)\n- Cleanup formula data and assignment when migrating formulas or when removing system\n- Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)\n- Added shortcut for editing Software Channel\n- Fix permissions check on formula list api call (bsc#1106626)\n- Add sp migration dry runs to the daily status report (bsc#1083094)\n\nspacewalk-search:\n\n- Fix nutch-core path (bsc#1112445)\n\nspacewalk-setup:\n\n- Increase maximum number of threads and open files for taskomatic (bsc#1111966)\n\nspacewalk-utils:\n\n- Fix typo at --phases option help\n\nspacewalk-web:\n\n- Make datetimepicker update displayed time (bsc#1041999)\n- Show human-readable system cleanup error messages\n- ActivationKey base and child channel in a reactjs component\n- Fix typo in messages (bsc#1111249)\n\nsusemanager:\n\n- Add new option --with-parent-channel to mgr-create-bootrap-repo\n to specify parent channel to use if multiple options are available\n (bsc#1104487)\n\nsusemanager-docs_en:\n\n- Update text and image files.\n- Add information about SLE12 SP4 as base OS for Server and Proxy\n\nsusemanager-frontend-libs:\n\n- Fix package version (bsc#1115449)\n\nsusemanager-schema:\n\n- Automatic cleanup of notification messages after a configurable lifetime\n- Add missing minion-action-chain-cleanup to db init scripts\n\nsusemanager-sls:\n\n- Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)\n\nsusemanager-sync-data:\n\n- SUSE OpenStack Cloud 9 enablement (bsc#1113557)\n- Add SUSE Manager 3.1 and 3.2 to SLES12 SP4\n\ntika-core:\n\n- Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)\n- Install missing LICENSE.txt file (bsc#1114814)\n- New upstream version (0.19.1) \n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SUSE-Manager-Proxy-3.2-2018-2869,SUSE-SUSE-Manager-Server-3.2-2018-2869",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4011-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4011-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184011-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4011-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004936.html"
},
{
"category": "self",
"summary": "SUSE Bug 1041999",
"url": "https://bugzilla.suse.com/1041999"
},
{
"category": "self",
"summary": "SUSE Bug 1080474",
"url": "https://bugzilla.suse.com/1080474"
},
{
"category": "self",
"summary": "SUSE Bug 1083094",
"url": "https://bugzilla.suse.com/1083094"
},
{
"category": "self",
"summary": "SUSE Bug 1104487",
"url": "https://bugzilla.suse.com/1104487"
},
{
"category": "self",
"summary": "SUSE Bug 1105359",
"url": "https://bugzilla.suse.com/1105359"
},
{
"category": "self",
"summary": "SUSE Bug 1105724",
"url": "https://bugzilla.suse.com/1105724"
},
{
"category": "self",
"summary": "SUSE Bug 1106430",
"url": "https://bugzilla.suse.com/1106430"
},
{
"category": "self",
"summary": "SUSE Bug 1106626",
"url": "https://bugzilla.suse.com/1106626"
},
{
"category": "self",
"summary": "SUSE Bug 1107869",
"url": "https://bugzilla.suse.com/1107869"
},
{
"category": "self",
"summary": "SUSE Bug 1109235",
"url": "https://bugzilla.suse.com/1109235"
},
{
"category": "self",
"summary": "SUSE Bug 1110361",
"url": "https://bugzilla.suse.com/1110361"
},
{
"category": "self",
"summary": "SUSE Bug 1110625",
"url": "https://bugzilla.suse.com/1110625"
},
{
"category": "self",
"summary": "SUSE Bug 1111247",
"url": "https://bugzilla.suse.com/1111247"
},
{
"category": "self",
"summary": "SUSE Bug 1111249",
"url": "https://bugzilla.suse.com/1111249"
},
{
"category": "self",
"summary": "SUSE Bug 1111387",
"url": "https://bugzilla.suse.com/1111387"
},
{
"category": "self",
"summary": "SUSE Bug 1111497",
"url": "https://bugzilla.suse.com/1111497"
},
{
"category": "self",
"summary": "SUSE Bug 1111542",
"url": "https://bugzilla.suse.com/1111542"
},
{
"category": "self",
"summary": "SUSE Bug 1111810",
"url": "https://bugzilla.suse.com/1111810"
},
{
"category": "self",
"summary": "SUSE Bug 1111966",
"url": "https://bugzilla.suse.com/1111966"
},
{
"category": "self",
"summary": "SUSE Bug 1112163",
"url": "https://bugzilla.suse.com/1112163"
},
{
"category": "self",
"summary": "SUSE Bug 1112445",
"url": "https://bugzilla.suse.com/1112445"
},
{
"category": "self",
"summary": "SUSE Bug 1112754",
"url": "https://bugzilla.suse.com/1112754"
},
{
"category": "self",
"summary": "SUSE Bug 1113557",
"url": "https://bugzilla.suse.com/1113557"
},
{
"category": "self",
"summary": "SUSE Bug 1113747",
"url": "https://bugzilla.suse.com/1113747"
},
{
"category": "self",
"summary": "SUSE Bug 1114181",
"url": "https://bugzilla.suse.com/1114181"
},
{
"category": "self",
"summary": "SUSE Bug 1114362",
"url": "https://bugzilla.suse.com/1114362"
},
{
"category": "self",
"summary": "SUSE Bug 1114814",
"url": "https://bugzilla.suse.com/1114814"
},
{
"category": "self",
"summary": "SUSE Bug 1114991",
"url": "https://bugzilla.suse.com/1114991"
},
{
"category": "self",
"summary": "SUSE Bug 1115449",
"url": "https://bugzilla.suse.com/1115449"
},
{
"category": "self",
"summary": "SUSE Bug 1116517",
"url": "https://bugzilla.suse.com/1116517"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11761 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11761/"
}
],
"title": "Security update for SUSE Manager Server 3.2",
"tracking": {
"current_release_date": "2018-12-07T12:25:18Z",
"generator": {
"date": "2018-12-07T12:25:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4011-1",
"initial_release_date": "2018-12-07T12:25:18Z",
"revision_history": [
{
"date": "2018-12-07T12:25:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "apache-mybatis-3.2.3-3.3.3.noarch",
"product": {
"name": "apache-mybatis-3.2.3-3.3.3.noarch",
"product_id": "apache-mybatis-3.2.3-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-2.6.6-6.10.3.noarch",
"product": {
"name": "cobbler-2.6.6-6.10.3.noarch",
"product_id": "cobbler-2.6.6-6.10.3.noarch"
}
},
{
"category": "product_version",
"name": "hadoop-0.18.1-3.3.3.noarch",
"product": {
"name": "hadoop-0.18.1-3.3.3.noarch",
"product_id": "hadoop-0.18.1-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product": {
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product_id": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "lucene-2.4.1-4.3.3.noarch",
"product": {
"name": "lucene-2.4.1-4.3.3.noarch",
"product_id": "lucene-2.4.1-4.3.3.noarch"
}
},
{
"category": "product_version",
"name": "nekohtml-1.9.21-3.3.3.noarch",
"product": {
"name": "nekohtml-1.9.21-3.3.3.noarch",
"product_id": "nekohtml-1.9.21-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "nutch-core-1.0.1-7.10.3.noarch",
"product": {
"name": "nutch-core-1.0.1-7.10.3.noarch",
"product_id": "nutch-core-1.0.1-7.10.3.noarch"
}
},
{
"category": "product_version",
"name": "picocontainer-1.3.7-3.3.3.noarch",
"product": {
"name": "picocontainer-1.3.7-3.3.3.noarch",
"product_id": "picocontainer-1.3.7-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"product": {
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"product_id": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-0.15.0-4.3.3.noarch",
"product": {
"name": "salt-netapi-client-0.15.0-4.3.3.noarch",
"product_id": "salt-netapi-client-0.15.0-4.3.3.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product": {
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"product_id": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-2.8.25.7-3.9.3.noarch",
"product": {
"name": "spacecmd-2.8.25.7-3.9.3.noarch",
"product_id": "spacecmd-2.8.25.7-3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-base-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"product": {
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"product_id": "spacewalk-config-2.8.5.5-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"product": {
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"product_id": "spacewalk-html-2.8.7.11-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-config-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"product": {
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"product_id": "spacewalk-search-2.8.3.7-3.12.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"product": {
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"product_id": "spacewalk-setup-2.8.7.5-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"product": {
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"product_id": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"product": {
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"product_id": "spacewalk-utils-2.8.18.3-3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-docs_en-3.2-11.12.3.noarch",
"product_id": "susemanager-docs_en-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"product": {
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"product_id": "susemanager-frontend-libs-3.2.4-3.7.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-jsp_en-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-jsp_en-3.2-11.12.3.noarch",
"product_id": "susemanager-jsp_en-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"product": {
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"product_id": "susemanager-reference_en-pdf-3.2-11.12.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"product": {
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"product_id": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-3.2.15-3.13.3.noarch",
"product": {
"name": "susemanager-schema-3.2.15-3.13.3.noarch",
"product_id": "susemanager-schema-3.2.15-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-3.2.18-3.13.3.noarch",
"product": {
"name": "susemanager-sls-3.2.18-3.13.3.noarch",
"product_id": "susemanager-sls-3.2.18-3.13.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"product": {
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"product_id": "susemanager-sync-data-3.2.10-3.9.3.noarch"
}
},
{
"category": "product_version",
"name": "tika-core-1.19.1-3.3.3.noarch",
"product": {
"name": "tika-core-1.19.1-3.3.3.noarch",
"product_id": "tika-core-1.19.1-3.3.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.ppc64le",
"product": {
"name": "susemanager-3.2.14-3.13.3.ppc64le",
"product_id": "susemanager-3.2.14-3.13.3.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"product_id": "susemanager-tools-3.2.14-3.13.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.s390x",
"product": {
"name": "susemanager-3.2.14-3.13.3.s390x",
"product_id": "susemanager-3.2.14-3.13.3.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.s390x",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.s390x",
"product_id": "susemanager-tools-3.2.14-3.13.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"product": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"product_id": "spacewalk-branding-2.8.5.12-3.10.4.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.14-3.13.3.x86_64",
"product": {
"name": "susemanager-3.2.14-3.13.3.x86_64",
"product_id": "susemanager-3.2.14-3.13.3.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.14-3.13.3.x86_64",
"product": {
"name": "susemanager-tools-3.2.14-3.13.3.x86_64",
"product_id": "susemanager-tools-3.2.14-3.13.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.2",
"product": {
"name": "SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.2",
"product": {
"name": "SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-mybatis-3.2.3-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch"
},
"product_reference": "apache-mybatis-3.2.3-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-2.6.6-6.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch"
},
"product_reference": "cobbler-2.6.6-6.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hadoop-0.18.1-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch"
},
"product_reference": "hadoop-0.18.1-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
},
"product_reference": "image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lucene-2.4.1-4.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch"
},
"product_reference": "lucene-2.4.1-4.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nekohtml-1.9.21-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch"
},
"product_reference": "nekohtml-1.9.21-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nutch-core-1.0.1-7.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch"
},
"product_reference": "nutch-core-1.0.1-7.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picocontainer-1.3.7-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch"
},
"product_reference": "picocontainer-1.3.7-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch"
},
"product_reference": "python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-netapi-client-0.15.0-4.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch"
},
"product_reference": "salt-netapi-client-0.15.0-4.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch"
},
"product_reference": "saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-2.8.25.7-3.9.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch"
},
"product_reference": "spacecmd-2.8.25.7-3.9.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.8.5.12-3.10.4.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64"
},
"product_reference": "spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-config-2.8.5.5-3.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch"
},
"product_reference": "spacewalk-config-2.8.5.5-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-2.8.7.11-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch"
},
"product_reference": "spacewalk-html-2.8.7.11-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-search-2.8.3.7-3.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch"
},
"product_reference": "spacewalk-search-2.8.3.7-3.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-2.8.7.5-3.10.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch"
},
"product_reference": "spacewalk-setup-2.8.7.5-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch"
},
"product_reference": "spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-2.8.18.3-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch"
},
"product_reference": "spacewalk-utils-2.8.18.3-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le"
},
"product_reference": "susemanager-3.2.14-3.13.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x"
},
"product_reference": "susemanager-3.2.14-3.13.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.14-3.13.3.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64"
},
"product_reference": "susemanager-3.2.14-3.13.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-docs_en-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-3.2.4-3.7.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch"
},
"product_reference": "susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-jsp_en-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-jsp_en-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-reference_en-pdf-3.2-11.12.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch"
},
"product_reference": "susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch"
},
"product_reference": "susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-3.2.15-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch"
},
"product_reference": "susemanager-schema-3.2.15-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-3.2.18-3.13.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch"
},
"product_reference": "susemanager-sls-3.2.18-3.13.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-3.2.10-3.9.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch"
},
"product_reference": "susemanager-sync-data-3.2.10-3.9.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.14-3.13.3.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64"
},
"product_reference": "susemanager-tools-3.2.14-3.13.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tika-core-1.19.1-3.3.3.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
},
"product_reference": "tika-core-1.19.1-3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11761"
}
],
"notes": [
{
"category": "general",
"text": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11761",
"url": "https://www.suse.com/security/cve/CVE-2018-11761"
},
{
"category": "external",
"summary": "SUSE Bug 1109235 for CVE-2018-11761",
"url": "https://bugzilla.suse.com/1109235"
},
{
"category": "external",
"summary": "SUSE Bug 1111309 for CVE-2018-11761",
"url": "https://bugzilla.suse.com/1111309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:apache-mybatis-3.2.3-3.3.3.noarch",
"SUSE Manager Server 3.2:cobbler-2.6.6-6.10.3.noarch",
"SUSE Manager Server 3.2:hadoop-0.18.1-3.3.3.noarch",
"SUSE Manager Server 3.2:image-sync-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:lucene-2.4.1-4.3.3.noarch",
"SUSE Manager Server 3.2:nekohtml-1.9.21-3.3.3.noarch",
"SUSE Manager Server 3.2:nutch-core-1.0.1-7.10.3.noarch",
"SUSE Manager Server 3.2:picocontainer-1.3.7-3.3.3.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:salt-netapi-client-0.15.0-4.3.3.noarch",
"SUSE Manager Server 3.2:saltboot-formula-0.1.1542287363.b8aa274-3.6.3.noarch",
"SUSE Manager Server 3.2:spacecmd-2.8.25.7-3.9.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.ppc64le",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.s390x",
"SUSE Manager Server 3.2:spacewalk-branding-2.8.5.12-3.10.4.x86_64",
"SUSE Manager Server 3.2:spacewalk-config-2.8.5.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.11-3.13.3.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-search-2.8.3.7-3.12.3.noarch",
"SUSE Manager Server 3.2:spacewalk-setup-2.8.7.5-3.10.3.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.13-3.13.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.3-3.3.3.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:susemanager-advanced-topics_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-best-practices_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-docs_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.4-3.7.3.noarch",
"SUSE Manager Server 3.2:susemanager-getting-started_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-jsp_en-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-reference_en-pdf-3.2-11.12.3.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1542643545.8752d17-2.6.3.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.15-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.18-3.13.3.noarch",
"SUSE Manager Server 3.2:susemanager-sync-data-3.2.10-3.9.3.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.14-3.13.3.x86_64",
"SUSE Manager Server 3.2:tika-core-1.19.1-3.3.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-07T12:25:18Z",
"details": "low"
}
],
"title": "CVE-2018-11761"
}
]
}
gsd-2018-11761
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-11761",
"description": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"id": "GSD-2018-11761",
"references": [
"https://www.suse.com/security/cve/CVE-2018-11761.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-11761"
],
"details": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"id": "GSD-2018-11761",
"modified": "2023-12-13T01:22:41.795877Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-19T00:00:00",
"ID": "CVE-2018-11761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tika",
"version": {
"version_data": [
{
"version_value": "0.1 to 1.18"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service via XML Entity Expansion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[0.1,1.19.1)",
"affected_versions": "All versions starting from 0.1 before 1.19.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-611",
"CWE-937"
],
"date": "2021-09-02",
"description": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"fixed_versions": [
"1.19.1"
],
"identifier": "CVE-2018-11761",
"identifiers": [
"GHSA-6jq2-789q-fff2",
"CVE-2018-11761"
],
"not_impacted": "All versions before 0.1, all versions starting from 1.19.1",
"package_slug": "maven/org.apache.tika/tika-core",
"pubdate": "2018-10-17",
"solution": "Upgrade to version 1.19.1 or above.",
"title": "Improper Restriction of XML External Entity Reference",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-11761",
"https://github.com/advisories/GHSA-6jq2-789q-fff2",
"https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E",
"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"http://www.securityfocus.com/bid/105514"
],
"uuid": "6d06d421-6df4-402e-b2fe-51060602046f"
},
{
"affected_range": "[0.1,1.18]",
"affected_versions": "All versions starting from 0.1 up to 1.18",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-611",
"CWE-937"
],
"date": "2019-11-12",
"description": "In Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.",
"fixed_versions": [
"1.19"
],
"identifier": "CVE-2018-11761",
"identifiers": [
"CVE-2018-11761"
],
"not_impacted": "All versions before 0.1, all versions after 1.18",
"package_slug": "maven/org.apache.tika/tika-parsers",
"pubdate": "2018-09-19",
"solution": "Upgrade to version 1.19 or above.",
"title": "Improper Restriction of XML External Entity Reference",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-11761",
"http://www.securityfocus.com/bid/105514"
],
"uuid": "8cf24d45-cb25-4695-83aa-6abaee4a9a5a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"versionStartIncluding": "0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11761"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
},
{
"name": "105514",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-11-12T20:15Z",
"publishedDate": "2018-09-19T14:29Z"
}
}
}
ghsa-6jq2-789q-fff2
Vulnerability from github
Published
2018-10-17 15:49
Modified
2021-09-02 16:41
Severity ?
VLAI Severity ?
Summary
High severity vulnerability that affects org.apache.tika:tika-core
Details
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-core"
},
"ranges": [
{
"events": [
{
"introduced": "0.1"
},
{
"fixed": "1.19.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-11761"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:19:32Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.",
"id": "GHSA-6jq2-789q-fff2",
"modified": "2021-09-02T16:41:17Z",
"published": "2018-10-17T15:49:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-6jq2-789q-fff2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105514"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "High severity vulnerability that affects org.apache.tika:tika-core"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…