SUSE-SU-2024:4252-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20244252-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4252-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:4252-1
- Related
- Published
- 2024-12-06T15:40:23Z
- Modified
- 2024-12-06T15:40:23Z
- Summary
- Security update for java-1_8_0-ibm
- Details
-
This update for java-180-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU (bsc#1232064): - CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286) - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544) - CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446) - CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)
Other issues fixed in past releases: - CVE-2024-3933: Fixed evaluate constant byteLenNode of arrayCopyChild (bsc#1225470)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20244252-1/
- https://bugzilla.suse.com/1225470
- https://bugzilla.suse.com/1231702
- https://bugzilla.suse.com/1231711
- https://bugzilla.suse.com/1231716
- https://bugzilla.suse.com/1231719
- https://bugzilla.suse.com/1232064
- https://www.suse.com/security/cve/CVE-2024-21208
- https://www.suse.com/security/cve/CVE-2024-21210
- https://www.suse.com/security/cve/CVE-2024-21217
- https://www.suse.com/security/cve/CVE-2024-21235
- https://www.suse.com/security/cve/CVE-2024-3933
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS