Security update for apache-commons-compress
This update for apache-commons-compress fixes the following issues:
- Updated to 1.21
- CVE-2021-35515: Fixed an infinite loop when reading a specially crafted 7Z archive. (bsc#1188463)
- CVE-2021-35516: Fixed an excessive memory allocation when reading a specially crafted 7Z archive. (bsc#1188464)
- CVE-2021-35517: Fixed an excessive memory allocation when reading a specially crafted TAR archive. (bsc#1188465)
- CVE-2021-36090: Fixed an excessive memory allocation when reading a specially crafted ZIP archive. (bsc#1188466)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#1188465
VUL-0: CVE-2021-35517: apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
bnc#1188464
VUL-0: CVE-2021-35516: apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
bnc#1188466
VUL-0: CVE-2021-36090: apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
bnc#1188463
VUL-0: CVE-2021-35515: apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
