openSUSE-SU-2022:0038-1

Import Source

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2022:0038-1

Related

Published

2022-02-16T14:29:17Z

Modified

2022-02-16T14:29:17Z

Summary

Security update for kafka

Details

This update for kafka, kafka-kit fixes following issues:

Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305, bsc#1194844, CVE-2022-23307
Rebuild with kafka-kit change to Remove JMSAppender from log4j jars during build to prevent bsc#1193662, CVE-2021-4104

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-bp153.2.6.1

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-bp153.2.6.1

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-bp153.2.6.1

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-bp153.2.6.1

{
    "binaries": [
        {
            "kafka-source": "2.1.0-bp153.2.6.1",
            "kafka-kit": "2.1.0-bp153.2.6.1"
        }
    ]
}