An update for woodstox-core is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2378 Final 1.0 1.0 2024-11-15 Initial 2024-11-15 2024-11-15 openEuler SA Tool V1.0 2024-11-15 woodstox-core security update An update for woodstox-core is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 Woodstox is a high-performance validating namespace-aware StAX-compliant (JSR-173) Open Source XML-processor written in Java. XML processor means that it handles both input (== parsing) and output (== writing, serialization)), as well as supporting tasks such as validation. Security Fix(es): Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40152) An update for woodstox-core is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High woodstox-core https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2378 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-40152 https://nvd.nist.gov/vuln/detail/CVE-2022-40152 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 woodstox-core-5.0.3-2.oe2203sp1.noarch.rpm woodstox-core-javadoc-5.0.3-2.oe2203sp1.noarch.rpm woodstox-core-6.2.8-2.oe2403.noarch.rpm woodstox-core-javadoc-6.2.8-2.oe2403.noarch.rpm woodstox-core-5.0.3-2.oe2203sp4.noarch.rpm woodstox-core-javadoc-5.0.3-2.oe2203sp4.noarch.rpm woodstox-core-5.0.3-2.oe2203sp3.noarch.rpm woodstox-core-javadoc-5.0.3-2.oe2203sp3.noarch.rpm woodstox-core-5.0.3-2.oe2003sp4.noarch.rpm woodstox-core-javadoc-5.0.3-2.oe2003sp4.noarch.rpm woodstox-core-5.0.3-2.oe2203sp1.src.rpm woodstox-core-6.2.8-2.oe2403.src.rpm woodstox-core-5.0.3-2.oe2203sp4.src.rpm woodstox-core-5.0.3-2.oe2203sp3.src.rpm woodstox-core-5.0.3-2.oe2003sp4.src.rpm Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. 2024-11-15 CVE-2022-40152 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H woodstox-core security update 2024-11-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2378