An update for testng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1072 Final 1.0 1.0 2024-01-12 Initial 2024-01-12 2024-01-12 openEuler SA Tool V1.0 2024-01-12 testng security update An update for testng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality that make it more powerful and easier to use, such as: * Annotations. * Run your tests in arbitrarily big thread pools with various policies available (all methods in their own thread, one thread per test class, etc...). * Test that your code is multithread safe. * Flexible test configuration. * Support for data-driven testing (with @DataProvider). * Support for parameters. * Powerful execution model (no more TestSuite). * Supported by a variety of tools and plug-ins (Eclipse, IDEA, Maven, etc...). * Embeds BeanShell for further flexibility. * Default JDK functions for runtime and logging (no dependencies). * Dependent methods for application server testing. Security Fix(es): A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065) An update for testng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High testng https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1072 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-4065 https://nvd.nist.gov/vuln/detail/CVE-2022-4065 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 testng-javadoc-6.14.3-7.oe1.noarch.rpm testng-6.14.3-7.oe1.noarch.rpm testng-6.14.3-7.oe2003sp4.noarch.rpm testng-javadoc-6.14.3-7.oe2003sp4.noarch.rpm testng-javadoc-6.14.3-7.oe2203.noarch.rpm testng-6.14.3-7.oe2203.noarch.rpm testng-6.14.3-7.oe2203sp1.noarch.rpm testng-javadoc-6.14.3-7.oe2203sp1.noarch.rpm testng-6.14.3-7.oe2203sp2.noarch.rpm testng-javadoc-6.14.3-7.oe2203sp2.noarch.rpm testng-6.14.3-7.oe2203sp3.noarch.rpm testng-javadoc-6.14.3-7.oe2203sp3.noarch.rpm testng-6.14.3-7.oe1.src.rpm testng-6.14.3-7.oe2003sp4.src.rpm testng-6.14.3-7.oe2203.src.rpm testng-6.14.3-7.oe2203sp1.src.rpm testng-6.14.3-7.oe2203sp2.src.rpm testng-6.14.3-7.oe2203sp3.src.rpm A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027. 2024-01-12 CVE-2022-4065 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H testng security update 2024-01-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1072