CVE-2023-2976 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-2976 Interim 1 6 2023-10-02T23:22:47Z current 2023-06-15T23:15:43Z 2023-10-02T23:22:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-2976 Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-August/015753.html E-Mail link for SUSE-CU-2023:2503-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015754.html E-Mail link for SUSE-CU-2023:2505-1 https://lists.suse.com/pipermail/sle-updates/2023-August/030678.html E-Mail link for SUSE-SU-2023:3090-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container bci/openjdk-devel:11-8.43 Container bci/openjdk-devel:17-10.40 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Server Module 4.2 SUSE Manager Server Module 4.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Tumbleweed guava guava-32.0.1-1.1 guava-32.0.1-150200.3.7.1 guava-javadoc-32.0.1-1.1 guava-javadoc-32.0.1-150200.3.7.1 guava-testlib-32.0.1-1.1 guava-testlib-32.0.1-150200.3.7.1 guava-32.0.1-150200.3.7.1 as a component of Container bci/openjdk-devel:11-8.43 guava-32.0.1-150200.3.7.1 as a component of Container bci/openjdk-devel:17-10.40 guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA guava-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava-javadoc-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava-testlib-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-javadoc-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-testlib-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-32.0.1-1.1 as a component of openSUSE Tumbleweed guava-javadoc-32.0.1-1.1 as a component of openSUSE Tumbleweed guava-testlib-32.0.1-1.1 as a component of openSUSE Tumbleweed guava as a component of SUSE Enterprise Storage 7 guava as a component of SUSE Enterprise Storage 7.1 guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS guava as a component of SUSE Linux Enterprise Server 15 SP2-LTSS guava as a component of SUSE Linux Enterprise Server 15 SP3-LTSS guava as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 guava as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 guava as a component of SUSE Manager Server Module 4.2 guava as a component of SUSE Manager Server Module 4.3 Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. CVE-2023-2976 Container bci/openjdk-devel:11-8.43:guava-32.0.1-150200.3.7.1 Container bci/openjdk-devel:17-10.40:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Real Time 15 SP3:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Server 15 SP4-TERADATA:guava-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava-javadoc-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava-testlib-32.0.1-150200.3.7.1 openSUSE Leap 15.5:guava-32.0.1-150200.3.7.1 openSUSE Leap 15.5:guava-javadoc-32.0.1-150200.3.7.1 openSUSE Leap 15.5:guava-testlib-32.0.1-150200.3.7.1 openSUSE Tumbleweed:guava-32.0.1-1.1 openSUSE Tumbleweed:guava-javadoc-32.0.1-1.1 openSUSE Tumbleweed:guava-testlib-32.0.1-1.1 SUSE Manager Server Module 4.2:guava SUSE Manager Server Module 4.3:guava SUSE Enterprise Storage 7.1:guava SUSE Enterprise Storage 7:guava SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:guava SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:guava SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:guava SUSE Linux Enterprise Server 15 SP2-LTSS:guava SUSE Linux Enterprise Server 15 SP3-LTSS:guava SUSE Linux Enterprise Server for SAP Applications 15 SP2:guava SUSE Linux Enterprise Server for SAP Applications 15 SP3:guava moderate 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N