Security update for eclipse SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0485-1 Final 1 1 2021-03-30T01:21:41Z current 2021-03-30T01:21:41Z 2021-03-30T01:21:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for eclipse This update for eclipse fixes the following issues: - CVE-2020-27225: Authenticate active help requests to the local help web server (bsc#1183728). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-485 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GFMJOYKYZTYC75UCIIQQRAD674LFJI3L/ E-Mail link for openSUSE-SU-2021:0485-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183728 SUSE Bug 1183728 https://www.suse.com/security/cve/CVE-2020-27225/ SUSE CVE CVE-2020-27225 page openSUSE Leap 15.2 eclipse-contributor-tools-4.9.0-lp152.3.3.1 eclipse-contributor-tools-bootstrap-4.9.0-lp152.3.3.1 eclipse-equinox-osgi-4.9.0-lp152.3.3.1 eclipse-equinox-osgi-bootstrap-4.9.0-lp152.3.3.1 eclipse-jdt-4.9.0-lp152.3.3.1 eclipse-jdt-bootstrap-4.9.0-lp152.3.3.1 eclipse-p2-discovery-4.9.0-lp152.3.3.1 eclipse-p2-discovery-bootstrap-4.9.0-lp152.3.3.1 eclipse-pde-4.9.0-lp152.3.3.1 eclipse-pde-bootstrap-4.9.0-lp152.3.3.1 eclipse-platform-4.9.0-lp152.3.3.1 eclipse-platform-bootstrap-4.9.0-lp152.3.3.1 eclipse-swt-4.9.0-lp152.3.3.1 eclipse-swt-bootstrap-4.9.0-lp152.3.3.1 eclipse-tests-4.9.0-lp152.3.3.1 eclipse-tests-bootstrap-4.9.0-lp152.3.3.1 eclipse-contributor-tools-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-contributor-tools-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-equinox-osgi-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-equinox-osgi-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-jdt-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-jdt-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-p2-discovery-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-p2-discovery-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-pde-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-pde-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-platform-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-platform-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-swt-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-swt-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-tests-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 eclipse-tests-bootstrap-4.9.0-lp152.3.3.1 as a component of openSUSE Leap 15.2 In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. CVE-2020-27225 openSUSE Leap 15.2:eclipse-contributor-tools-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-contributor-tools-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-equinox-osgi-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-equinox-osgi-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-jdt-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-jdt-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-p2-discovery-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-p2-discovery-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-pde-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-pde-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-platform-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-platform-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-swt-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-swt-bootstrap-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-tests-4.9.0-lp152.3.3.1 openSUSE Leap 15.2:eclipse-tests-bootstrap-4.9.0-lp152.3.3.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GFMJOYKYZTYC75UCIIQQRAD674LFJI3L/ https://www.suse.com/security/cve/CVE-2020-27225.html CVE-2020-27225 https://bugzilla.suse.com/1183728 SUSE Bug 1183728