
Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2024.2568.1
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:2568-1)
Summary: The remote host is missing an update for the 'mockito, snakeyaml, testng' package(s) announced via the SUSE-SU-2024:2568-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'mockito, snakeyaml, testng' package(s) announced via the SUSE-SU-2024:2568-1 advisory.

Vulnerability Insight:
This update for mockito, snakeyaml, testng fixes the following issues:

mockito was updated to version 5.11.0:

- Added bundle manifest to the mockito-core artifact
- Mockito 5 is making core changes to ensure compatibility with future JDK versions.
- Switch the Default MockMaker to mockito-inline (not applicable to mockito-android)

* Mockito 2.7.6 introduced the mockito-inline mockmaker based on the 'inline bytecode' principle, offering
compatibility advantages over the subclass mockmaker
* This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation

- Legitimate use cases for the subclass mockmaker:

* Scenarios where the inline mockmaker does not function, such as on Graal VM's native image
* If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on
JDK 17+
* Mockito aims to support both mockmakers, allowing users to choose based on their requirements.

- Update the Minimum Supported Java Version to 11

* Mockito 5 raised the minimum supported Java version to 11
* Community member @reta contributed to this change.
* Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions

- New type() Method on ArgumentMatcher

* The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous
limitations
* Users can now differentiate between matching calls with any exact number of arguments or match any number of
arguments
* Mockito 5 provides a default implementation of the new method, ensuring backward compatibility.
* No obligation for users to implement the new method, Mockito 5 considers Void.type by default for varargs handling
* ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method.

- byte-buddy does not bundle asm, but uses objectweb-asm as external library

snake-yaml was updated to version 2.2:

- Changes of version 2.2:

* Define default scalar style as PLAIN (for polyglot Maven)
* Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java

- Changes of version 2.1:

* Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead
* Use identity in toString() for sequences to avoid OutOfMemoryError
* NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version
* Document size limit should be applied to single document not the whole input stream
* Detect invalid Unicode code point (thanks to Tatu Saloranta)
* Remove Trusted*Inspector classes from main sources tree

- Changes of version 2.0:

* Rollback to Java 7 target
* Add module-info.java
* Migrate to Java 8
* Remove many deprecated constructors
* Remove long deprecated methods in FlowStyle
* Do not allow global tags by default
* Yaml.LoadAs() signature to support Class type instead of Class
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'mockito, snakeyaml, testng' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-4065
https://github.com/cbeust/testng/commit/9150736cd2c123a6a3b60e6193630859f9f0422b
https://github.com/cbeust/testng/pull/2806
https://github.com/cbeust/testng/releases/tag/7.7.1
https://vuldb.com/?ctiid.214027
https://vuldb.com/?id.214027
Copyright: Copyright (C) 2025 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.