nekohtml-1.9.22.noko2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12022 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z nekohtml-1.9.22.noko2-1.1 on GA media These are all security issues fixed in the nekohtml-1.9.22.noko2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12022 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12022 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-28366/ SUSE CVE CVE-2022-28366 page openSUSE Tumbleweed nekohtml-1.9.22.noko2-1.1 nekohtml-demo-1.9.22.noko2-1.1 nekohtml-javadoc-1.9.22.noko2-1.1 nekohtml-1.9.22.noko2-1.1 as a component of openSUSE Tumbleweed nekohtml-demo-1.9.22.noko2-1.1 as a component of openSUSE Tumbleweed nekohtml-javadoc-1.9.22.noko2-1.1 as a component of openSUSE Tumbleweed Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839. CVE-2022-28366 openSUSE Tumbleweed:nekohtml-1.9.22.noko2-1.1 openSUSE Tumbleweed:nekohtml-demo-1.9.22.noko2-1.1 openSUSE Tumbleweed:nekohtml-javadoc-1.9.22.noko2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-28366.html CVE-2022-28366 https://bugzilla.suse.com/1198739 SUSE Bug 1198739