SUSE SLED15: antlr3-bootstrap-tool / antlr3-java / antlr3-java-javadoc / etc (SUSE-SU-2023:2097-1)

medium Nessus Plugin ID 175367

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2097-1 advisory.

maven:

- Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217):
* Security fixes:
- CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795)
* Bug fixes:
- Fix resolver session containing non-MavenWorkspaceReader
- Fix for multiple maven instances working on same source tree that can lock each other
- Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back
- Fix IllegalStateException in SessionScope during guice injection in multithreaded build
- Revert MNG-7347 (SessionScoped beans should be singletons for a given session)
- Fix compilation failure with relocated transitive dependency
- Fix deadlock during forked lifecycle executions
- Fix issue with resolving dependencies between submodules
* New features and improvements:
- Create a multiline message helper for boxed log messages
- Display a warning when an aggregator mojo is locking other mojo executions
- Align Assembly Descriptor NS versions
* Dependency upgrades:
- Upgrade SLF4J to 1.7.36
- Upgrade JUnit to 4.13.2
- Upgrade Plexus Utils to 3.3.1
- Move mvn.1 from bin to man directory

antlr3:

- Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217):
* Change source compatibility to 1.8 and enable github workflows
* Change Wiki URLs to theantlrguy.atlassian.net in README.txt
* Add Bazel support
- Remove enforcer plugin as it is not needed in a controlled environment

minlog:

- Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217):
* Use currentTimeMillis
* Use 3-Clause BSD
* Use Java 7 JDK.

sbt:

- Fix build issues with maven 3.8.6 (jsc#SLE-23217)

xmvn:

- Remove RPM package build dependency on easymock (jsc#SLE-23217)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1193795

https://www.suse.com/security/cve/CVE-2021-42550

http://www.nessus.org/u?270d3d15

Plugin Details

Severity: Medium

ID: 175367

File Name: suse_SU-2023-2097-1.nasl

Version: 1.3

Type: Local

Agent: unix

Published: 5/10/2023

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-42550

CVSS v3

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:xmvn-mojo, p-cpe:/a:novell:suse_linux:xmvn, p-cpe:/a:novell:suse_linux:xmvn-install, p-cpe:/a:novell:suse_linux:xmvn-resolve, p-cpe:/a:novell:suse_linux:xmvn-api, p-cpe:/a:novell:suse_linux:xmvn-minimal, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:maven-lib, p-cpe:/a:novell:suse_linux:maven, p-cpe:/a:novell:suse_linux:xmvn-core, p-cpe:/a:novell:suse_linux:xmvn-subst, p-cpe:/a:novell:suse_linux:xmvn-connector, p-cpe:/a:novell:suse_linux:minlog

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/4/2023

Vulnerability Publication Date: 12/16/2021

Reference Information

CVE: CVE-2021-42550

SuSE: SUSE-SU-2023:2097-1