Security update for slf4j SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1625-1 Final 1 1 2018-06-09T08:31:17Z current 2018-06-09T08:31:17Z 2018-06-09T08:31:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slf4j This update for slf4j fixes the following security issue: - CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on (bsc#1085970). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00016.html E-Mail link for openSUSE-SU-2018:1625-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 slf4j-1.7.12-lp150.4.3.1 slf4j-javadoc-1.7.12-lp150.4.3.1 slf4j-manual-1.7.12-lp150.4.3.1 slf4j-1.7.12-lp150.4.3.1 as a component of openSUSE Leap 15.0 slf4j-javadoc-1.7.12-lp150.4.3.1 as a component of openSUSE Leap 15.0 slf4j-manual-1.7.12-lp150.4.3.1 as a component of openSUSE Leap 15.0 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. CVE-2018-8088 openSUSE Leap 15.0:slf4j-1.7.12-lp150.4.3.1 openSUSE Leap 15.0:slf4j-javadoc-1.7.12-lp150.4.3.1 openSUSE Leap 15.0:slf4j-manual-1.7.12-lp150.4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00016.html https://www.suse.com/security/cve/CVE-2018-8088.html CVE-2018-8088 https://bugzilla.suse.com/1085970 SUSE Bug 1085970