SUSE-SU-2023:1673-1
Advisory lineage Upstream: 2 Downstream: 0
Published: 29 Mar 2023, 13:06
Last modified: 04 Feb 2026, 03:30
Vulnerability Summary
Overall Risk (default): minimal, 0/100
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
29 Mar 2023, 13:06: Published (vulnerability first disclosed)
04 Feb 2026, 03:30: Last Modified (vulnerability information updated)
Description
Security update for xstream

This update for xstream fixes the following issues:

- CVE-2022-40151: Fixed stack overflow in XML serialization (bsc#1203520).
- CVE-2022-41966: Fixed denial of service via uncontrolled recursion during deserialization (bsc#1206729).
- Upgrade to 1.4.20.
Affected Systems
- opensuse•xstream&distro=openSUSE Leap 15.4
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Enterprise Storage 7
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Enterprise Storage 7.1
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Real Time 15 SP3
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Manager Server Module 4.2
< 1.4.20-150200.3.25.1
- suse•xstream&distro=SUSE Manager Server Module 4.3
< 1.4.20-150200.3.25.1