Recommended update for apache-commons-ioSUSE Patchsecurity@suse.deSUSE Security TeamSUSE-RU-2025:1150-1Final112025-04-07T07:47:08Zcurrent2025-04-07T07:47:08Z2025-04-07T07:47:08Zcve-database/bin/generate-cvrf.pl2017-02-24T01:00:00ZRecommended update for apache-commons-ioThis update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).Container bci/openjdk-devel:17-2025-1150,Container bci/openjdk-devel:latest-2025-1150,Container suse/manager/5.0/x86_64/server:latest-2025-1150,Container suse/multi-linux-manager/5.1/x86_64/server:latest-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2025-1150,Image server-image-2025-1150,SUSE-2025-1150,SUSE-SLE-Module-Basesystem-15-SP6-2025-1150,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1150,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1150,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1150,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1150,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1150,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1150,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1150,SUSE-Storage-7.1-2025-1150,openSUSE-SLE-15.6-2025-1150Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)https://www.suse.com/support/update/announcement/-2025-1150/suse-ru-20251150-1/Link for SUSE-RU-2025:1150-1https://lists.suse.com/pipermail/sle-updates/2025-April/038917.htmlE-Mail link for SUSE-RU-2025:1150-1https://www.suse.com/support/security/rating/SUSE Security Ratingshttps://bugzilla.suse.com/1231298SUSE Bug 1231298https://www.suse.com/security/cve/CVE-2024-47554/SUSE CVE CVE-2024-47554 pageContainer bci/openjdk-devel:17Container bci/openjdk-devel:latestContainer suse/manager/5.0/x86_64/server:latestContainer suse/multi-linux-manager/5.1/x86_64/server:latestImage SLES15-SP4-Manager-Server-4-3-BYOSImage SLES15-SP4-Manager-Server-4-3-BYOS-AzureImage SLES15-SP4-Manager-Server-4-3-BYOS-EC2Image SLES15-SP4-Manager-Server-4-3-BYOS-GCEImage server-imageSUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Module for Basesystem 15 SP6SUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3SUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Linux Enterprise Server for SAP Applications 15 SP5SUSE Manager Proxy 4.3SUSE Manager Server 4.3openSUSE Leap 15.6apache-commons-io-2.18.0-150200.3.15.1apache-commons-io-javadoc-2.18.0-150200.3.15.1apache-commons-io-2.18.0-150200.3.15.1 as a component of Container bci/openjdk-devel:17apache-commons-io-2.18.0-150200.3.15.1 as a component of Container bci/openjdk-devel:latestapache-commons-io-2.18.0-150200.3.15.1 as a component of Container suse/manager/5.0/x86_64/server:latestapache-commons-io-2.18.0-150200.3.15.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/server:latestapache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOSapache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azureapache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2apache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCEapache-commons-io-2.18.0-150200.3.15.1 as a component of Image server-imageapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Enterprise Storage 7.1apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSSapache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Manager Proxy 4.3apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Manager Server 4.3apache-commons-io-2.18.0-150200.3.15.1 as a component of openSUSE Leap 15.6apache-commons-io-javadoc-2.18.0-150200.3.15.1 as a component of openSUSE Leap 15.6Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.CVE-2024-47554Container bci/openjdk-devel:17:apache-commons-io-2.18.0-150200.3.15.1Container bci/openjdk-devel:latest:apache-commons-io-2.18.0-150200.3.15.1Container suse/manager/5.0/x86_64/server:latest:apache-commons-io-2.18.0-150200.3.15.1Container suse/multi-linux-manager/5.1/x86_64/server:latest:apache-commons-io-2.18.0-150200.3.15.1Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:apache-commons-io-2.18.0-150200.3.15.1Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:apache-commons-io-2.18.0-150200.3.15.1Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:apache-commons-io-2.18.0-150200.3.15.1Image SLES15-SP4-Manager-Server-4-3-BYOS:apache-commons-io-2.18.0-150200.3.15.1Image server-image:apache-commons-io-2.18.0-150200.3.15.1SUSE Enterprise Storage 7.1:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Module for Basesystem 15 SP6:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server 15 SP5-LTSS:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-io-2.18.0-150200.3.15.1SUSE Linux Enterprise Server for SAP Applications 15 SP5:apache-commons-io-2.18.0-150200.3.15.1SUSE Manager Proxy 4.3:apache-commons-io-2.18.0-150200.3.15.1SUSE Manager Server 4.3:apache-commons-io-2.18.0-150200.3.15.1openSUSE Leap 15.6:apache-commons-io-2.18.0-150200.3.15.1openSUSE Leap 15.6:apache-commons-io-javadoc-2.18.0-150200.3.15.1moderateTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2025-1150/suse-ru-20251150-1/https://www.suse.com/security/cve/CVE-2024-47554.htmlCVE-2024-47554https://bugzilla.suse.com/1231298SUSE Bug 1231298