{"affected":[{"ecosystem_specific":{"binaries":[{"kafka-kit":"2.1.0-bp153.2.6.1","kafka-source":"2.1.0-bp153.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"kafka","purl":"pkg:rpm/suse/kafka&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-bp153.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kafka-kit":"2.1.0-bp153.2.6.1","kafka-source":"2.1.0-bp153.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"kafka-kit","purl":"pkg:rpm/suse/kafka-kit&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-bp153.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kafka-kit":"2.1.0-bp153.2.6.1","kafka-source":"2.1.0-bp153.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"kafka","purl":"pkg:rpm/opensuse/kafka&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-bp153.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kafka-kit":"2.1.0-bp153.2.6.1","kafka-source":"2.1.0-bp153.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"kafka-kit","purl":"pkg:rpm/opensuse/kafka-kit&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.0-bp153.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for kafka, kafka-kit fixes following issues:\n\n\n- Remove JDBCAppender, JMSSink, chainsaw from log4j jars during build to\n  prevent bsc#1194842, CVE-2022-23302, bsc#1194843, CVE-2022-23305,\n  bsc#1194844, CVE-2022-23307\n\n- Rebuild with kafka-kit change to\n  Remove JMSAppender from log4j jars during build to\n  prevent bsc#1193662, CVE-2021-4104\n","id":"openSUSE-SU-2022:0038-1","modified":"2022-02-16T14:29:17Z","published":"2022-02-16T14:29:17Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LX6N6XLYOR6GINGSRITWVKJ743FCLHXK/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193662"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194842"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194843"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-4104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23307"}],"related":["CVE-2021-4104","CVE-2022-23302","CVE-2022-23305","CVE-2022-23307"],"summary":"Security update for kafka","upstream":["CVE-2021-4104","CVE-2022-23302","CVE-2022-23305","CVE-2022-23307"]}