An update that fixes four vulnerabilities is now available.
Description:
This update for kafka, kafka-kit fixes following issues:
Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to
prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305,
bsc#1194844, CVE-2022-23307
Rebuild with kafka-kit change to Remove JMSAppender from log4j jars
during build to prevent bsc#1193662, CVE-2021-4104
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-38=1