Recommended update for apache-commons-io SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2025:1150-1 Final 1 1 2025-04-07T07:47:08Z current 2025-04-07T07:47:08Z 2025-04-07T07:47:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for apache-commons-io This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/openjdk-devel:17-2025-1150,Container bci/openjdk-devel:latest-2025-1150,Container suse/manager/5.0/x86_64/server:latest-2025-1150,Container suse/multi-linux-manager/5.1/x86_64/server:latest-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2-2025-1150,Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE-2025-1150,Image server-image-2025-1150,SUSE-2025-1150,SUSE-SLE-Module-Basesystem-15-SP6-2025-1150,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1150,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1150,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1150,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1150,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1150,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1150,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1150,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1150,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1150,SUSE-Storage-7.1-2025-1150,openSUSE-SLE-15.6-2025-1150 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/-2025-1150/suse-ru-20251150-1/ Link for SUSE-RU-2025:1150-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038917.html E-Mail link for SUSE-RU-2025:1150-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231298 SUSE Bug 1231298 https://www.suse.com/security/cve/CVE-2024-47554/ SUSE CVE CVE-2024-47554 page Container bci/openjdk-devel:17 Container bci/openjdk-devel:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/server:latest Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image server-image SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.6 apache-commons-io-2.18.0-150200.3.15.1 apache-commons-io-javadoc-2.18.0-150200.3.15.1 apache-commons-io-2.18.0-150200.3.15.1 as a component of Container bci/openjdk-devel:17 apache-commons-io-2.18.0-150200.3.15.1 as a component of Container bci/openjdk-devel:latest apache-commons-io-2.18.0-150200.3.15.1 as a component of Container suse/manager/5.0/x86_64/server:latest apache-commons-io-2.18.0-150200.3.15.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/server:latest apache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS apache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure apache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 apache-commons-io-2.18.0-150200.3.15.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE apache-commons-io-2.18.0-150200.3.15.1 as a component of Image server-image apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Enterprise Storage 7.1 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Manager Proxy 4.3 apache-commons-io-2.18.0-150200.3.15.1 as a component of SUSE Manager Server 4.3 apache-commons-io-2.18.0-150200.3.15.1 as a component of openSUSE Leap 15.6 apache-commons-io-javadoc-2.18.0-150200.3.15.1 as a component of openSUSE Leap 15.6 Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. CVE-2024-47554 Container bci/openjdk-devel:17:apache-commons-io-2.18.0-150200.3.15.1 Container bci/openjdk-devel:latest:apache-commons-io-2.18.0-150200.3.15.1 Container suse/manager/5.0/x86_64/server:latest:apache-commons-io-2.18.0-150200.3.15.1 Container suse/multi-linux-manager/5.1/x86_64/server:latest:apache-commons-io-2.18.0-150200.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:apache-commons-io-2.18.0-150200.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:apache-commons-io-2.18.0-150200.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:apache-commons-io-2.18.0-150200.3.15.1 Image SLES15-SP4-Manager-Server-4-3-BYOS:apache-commons-io-2.18.0-150200.3.15.1 Image server-image:apache-commons-io-2.18.0-150200.3.15.1 SUSE Enterprise Storage 7.1:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server 15 SP3-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server 15 SP4-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server 15 SP5-LTSS:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:apache-commons-io-2.18.0-150200.3.15.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:apache-commons-io-2.18.0-150200.3.15.1 SUSE Manager Proxy 4.3:apache-commons-io-2.18.0-150200.3.15.1 SUSE Manager Server 4.3:apache-commons-io-2.18.0-150200.3.15.1 openSUSE Leap 15.6:apache-commons-io-2.18.0-150200.3.15.1 openSUSE Leap 15.6:apache-commons-io-javadoc-2.18.0-150200.3.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2025-1150/suse-ru-20251150-1/ https://www.suse.com/security/cve/CVE-2024-47554.html CVE-2024-47554 https://bugzilla.suse.com/1231298 SUSE Bug 1231298