English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.18.2.2024.0726.1
Category:openSUSE Local Security Checks
Title:openSUSE Security Advisory (SUSE-SU-2024:0726-1)
Summary:The remote host is missing an update for the 'Java' package(s) announced via the SUSE-SU-2024:0726-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Java' package(s) announced via the SUSE-SU-2024:0726-1 advisory.

Vulnerability Insight:
This update for Java fixes the following issues:

apache-commons-codec was updated to version 1.16.1:

- Changes in version 1.16.1:

* New features:

+ Added Maven property project.build.outputTimestamp for build reproducibility

* Bugs fixed:

+ Correct error in Base64 Javadoc
+ Added minimum Java version in changes.xml
+ Documentation update for the org.apache.commons.codec.digest.* package
+ Precompile regular expression in UnixCrypt.crypt(byte[], String)
+ Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method
+ Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method
+ Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method
+ Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode()
+ Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method
+ Deprecated UnixCrypt 0-argument constructor
+ Deprecated Md5Crypt 0-argument constructor
+ Deprecated Crypt 0-argument constructor
+ Deprecated StringUtils 0-argument constructor
+ Deprecated Resources 0-argument constructor
+ Deprecated Charsets 0-argument constructor
+ Deprecated CharEncoding 0-argument constructor

- Changes in version 1.16.0:

* Remove duplicated words from Javadocs
* Use Standard Charset object
* Use String.contains() functions
* Avoid use toString() or substring() in favor of a simplified expression
* Fixed byte-skipping in Base16 decoding
* Fixed several typos, improve writing in some javadocs
* BaseNCodecOutputStream.eof() should not throw IOException.
* Javadoc improvements and cleanups.
* Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int).
* Added support for Blake3 family of hashes
* Added github/codeql-action
* Bump actions/cache from v2 to v3.0.10
* Bump actions/setup-java from v1.4.1 to 3.5.1
* Bump actions/checkout from 2.3.2 to 3.1.0
* Bump commons-parent from 52 to 58
* Bump junit from 4.13.1 to 5.9.1
* Bump Java 7 to 8.
* Bump japicmp-maven-plugin from 0.14.3 to 0.17.1.
* Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds).
* Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7
* Bump maven-javadoc-plugin from 3.2.0 to 3.4.1.
* Bump animal-sniffer-maven-plugin from 1.19 to 1.22.
* Bump maven-pmd-plugin from 3.13.0 to 3.19.0
* Bump pmd from 6.47.0 to 6.52.0.
* Bump maven-checkstyle-plugin from 2.17 to 3.2.0
* Bump checkstyle from 8.45.1 to 9.3
* Bump taglist-maven-plugin from 2.4 to 3.0.0
* Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.

apache-commons-compress was updated to version 1.26:

- Changes in version 1.26:

* Security issues fixed:

+ CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in
Apache Commons Compress (bsc#1220068)
+ CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Java' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-25710
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
http://www.openwall.com/lists/oss-security/2024/02/19/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-26308
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
http://www.openwall.com/lists/oss-security/2024/02/19/2
CopyrightCopyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.