SUSE-SU-2023:3090-1

Details

This update for guava fixes the following issues:

Upgrade to guava 32.0.1:

CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926).
CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401).

Affected Packages

guava

SUSE Linux Enterprise Module for Development Tools 15 SP4SUSE Linux Enterprise Module for Development Tools 15 SP5SUSE Linux Enterprise Real Time 15 SP3openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

32.0.1-150200.3.7.1

guava-javadoc

openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

32.0.1-150200.3.7.1

guava-testlib

openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

32.0.1-150200.3.7.1

References

REPORT