Bugzilla – Bug 1144510
VUL-0: CVE-2019-10093: tika-core: Denial of Service in Apache Tika's 2003ml and 2006ml Parsers
Last modified: 2021-02-11 15:52:28 UTC
CVE-2019-10093
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10093
http://seclists.org/oss-sec/2019/q3/111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
Vulnerable code streams:
SUSE:SLE-12-SP2:Update:Products:Manager31:Update tika-core 1.20
SUSE:SLE-12-SP3:Update:Products:Manager32:Update tika-core 1.20
SUSE:SLE-15-SP1:Update:Products:Manager40:Update tika-core 1.20
Problem fixed. tika-core upgraded to 1.22. Will be shipped with next maintenance updates.
SUSE Manager 3.1 is out of support. Patches will be included only for 3.2 and 4.0, as well as Uyuni (our upstream project).
SUSE-RU-2019:2522-1: An update that has 25 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1093381,1096426,1135957,1137229,1138454,1140644,1141661,1142309,1142764,1142774,1142793,1143016,1143562,1144500,1144510,1144515,1144889,1145086,1145119,1146416,1146419,1146869,1146895,1147126,1149409
CVE References:
Sources used:
SUSE Manager Server 3.2 (src): release-notes-susemanager-3.2.11-6.41.1
SUSE Manager Proxy 3.2 (src): release-notes-susemanager-proxy-3.2.11-0.16.33.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2521-1: An update that solves three vulnerabilities and has 21 fixes is now available.
Category: security (moderate)
Bug References: 1093381,1096426,1135957,1137229,1138454,1140644,1141661,1142309,1142764,1142774,1143016,1143562,1144500,1144510,1144515,1144889,1145086,1145119,1146416,1146419,1146869,1146895,1147126,1149409
CVE References: CVE-2019-10088,CVE-2019-10093,CVE-2019-10094
Sources used:
SUSE Manager Server 3.2 (src): cobbler-2.6.6-6.22.1, pgjdbc-ng-0.7.1-2.6.1, py26-compat-salt-2016.11.10-6.32.1, spacecmd-2.8.25.11-3.23.1, spacewalk-backend-2.8.57.19-3.39.2, spacewalk-branding-2.8.5.16-3.22.1, spacewalk-client-tools-2.8.22.5-3.6.1, spacewalk-java-2.8.78.24-3.38.1, spacewalk-setup-2.8.7.8-3.19.1, spacewalk-utils-2.8.18.5-3.9.1, spacewalk-web-2.8.7.19-3.36.1, susemanager-3.2.20-3.31.2, susemanager-docs_en-3.2-11.32.1, susemanager-schema-3.2.21-3.31.1, susemanager-sls-3.2.27-3.35.1, tika-core-1.22-3.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:2917-1: An update that has 61 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1133429,1135442,1136959,1138358,1138454,1142309,1142764,1142774,1143016,1143562,1143789,1144300,1144500,1144510,1144515,1144889,1145086,1145119,1145551,1145587,1145626,1145744,1145750,1145753,1145758,1145769,1145873,1146416,1146419,1146683,1146869,1148169,1149075,1149210,1149353,1149409,1149425,1149633,1150113,1150154,1150180,1150216,1150314,1150320,1150729,1151097,1151280,1151399,1151467,1151666,1151875,1152170,1152290,1152514,1152735,1153277,1153578,1154275,1155503,1155656,1155794
CVE References:
Sources used:
SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.3-3.29.1
SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.3-0.16.20.1
SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.3-0.16.20.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): release-notes-susemanager-4.0.3-3.29.1, release-notes-susemanager-proxy-4.0.3-0.16.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2930-1: An update that solves three vulnerabilities and has 56 fixes is now available.
Category: security (moderate)
Bug References: 1133429,1135442,1136959,1138358,1138454,1142309,1142764,1142774,1143016,1143562,1143789,1144300,1144500,1144510,1144515,1144889,1145086,1145119,1145551,1145587,1145626,1145744,1145750,1145753,1145758,1145769,1145873,1146416,1146419,1146683,1146869,1148169,1149075,1149210,1149353,1149409,1149425,1149633,1150113,1150154,1150180,1150314,1150729,1151097,1151280,1151399,1151467,1151481,1151666,1151875,1152170,1152290,1152514,1152735,1153277,1153578,1154275,1155656,1155794
CVE References: CVE-2019-10088,CVE-2019-10093,CVE-2019-10094
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src): cobbler-3.0.0+git20190806.32c4bae0-7.3.7, cpu-mitigations-formula-0.1-4.6.7, mgr-osad-4.0.10-3.6.8, patterns-suse-manager-4.0-9.3.8, pgjdbc-ng-0.7.1-3.3.8, prometheus-exporters-formula-0.4-3.3.7, pxe-default-image-sle15-4.0.0-20191106084601, py26-compat-salt-2016.11.10-10.8.8, python-susemanager-retail-1.0.1568808472.be9f236-3.6.7, python-urlgrabber-3.10.2.1py2_3-6.22.6, spacecmd-4.0.16-3.6.7, spacewalk-admin-4.0.8-3.3.8, spacewalk-backend-4.0.27-3.13.9, spacewalk-branding-4.0.14-3.6.8, spacewalk-certs-tools-4.0.12-3.6.8, spacewalk-client-tools-4.0.10-3.6.8, spacewalk-config-4.0.13-3.3.7, spacewalk-java-4.0.25-3.10.5, spacewalk-setup-4.0.11-3.6.7, spacewalk-utils-4.0.13-3.6.8, spacewalk-web-4.0.16-3.9.8, susemanager-4.0.17-3.6.9, susemanager-doc-indexes-4.0-10.9.8, susemanager-docs_en-4.0-10.9.7, susemanager-schema-4.0.16-3.8.5, susemanager-sls-4.0.22-3.10.4, susemanager-sync-data-4.0.13-3.6.7, tika-core-1.22-3.3.7, virtual-host-gatherer-1.0.19-3.3.8
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:3350-1: An update that has 154 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1104949,1109639,1111371,1113160,1116869,1118175,1122559,1130040,1131556,1132076,1133429,1134677,1134708,1134860,1135360,1135380,1135442,1136476,1136480,1136561,1136857,1136959,1137144,1137229,1137244,1137308,1137881,1137882,1137952,1137955,1137965,1138127,1138130,1138268,1138275,1138313,1138358,1138364,1138454,1138586,1138655,1138822,1139453,1139493,1139693,1140644,1141598,1141663,1142038,1142309,1142764,1142774,1143016,1143204,1143562,1143638,1143789,1143856,1144155,1144300,1144500,1144510,1144515,1144889,1145086,1145119,1145551,1145584,1145587,1145591,1145608,1145626,1145744,1145750,1145753,1145755,1145758,1145769,1145873,1146411,1146416,1146419,1146443,1146683,1146869,1147126,1148125,1148169,1148177,1148311,1148352,1148457,1148714,1149075,1149210,1149343,1149353,1149409,1149425,1149633,1149741,1150113,1150154,1150180,1150216,1150314,1150320,1150657,1150729,1151097,1151280,1151399,1151467,1151666,1151875,1151888,1152170,1152290,1152298,1152514,1152722,1152735,1153090,1153181,1153277,1153578,1153613,1154275,1154474,1154586,1154868,1154968,1155030,1155295,1155455,1155656,1155794,1155800,1155899,1156173,1156176,1156397,1156521,1156526,1156574,1157034,1157141,1157473,1158002,1158012,1158564,1158963,1159023,1159206
CVE References:
Sources used:
SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.4-3.35.1
SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.4-0.16.23.1
SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.4-0.16.23.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): release-notes-susemanager-4.0.4-3.35.1, release-notes-susemanager-proxy-4.0.4-0.16.23.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.