SUSE-SU-2022:4290-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20224290-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4290-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:4290-1
Published
2022-11-29T14:59:56Z
Modified
2022-11-29T14:59:56Z
Summary
Security update for java-1_8_0-ibm
Details

This update for java-1_8_0-ibm fixes the following issues:

  • CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
  • CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
  • CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE (bsc#1204473).
  • CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
  • CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
  • CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).

  • Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]

    • Security:
      • The IBM ORB Does Not Support Object-Serialisation Data Filtering
      • Large Allocation In CipherSuite
      • Avoid Evaluating Sslalgorithmconstraints Twice
      • Cache The Results Of Constraint Checks
      • An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
      • Disable SHA-1 Signed Jars For Ea
      • JSSE Performance Improvement
      • Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
    • Java 8/Orb:
      • Upgrade ibmcfw.jar To Version o2228.02
    • Class Libraries:
      • Crash In Libjsor.So During An Rdma Failover
      • High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
      • Update Timezone Information To The Latest tzdata2022c
    • Jit Compiler:
      • Crash During JIT Compilation
      • Incorrect JIT Optimization Of Java Code
      • Incorrect Return From Class.isArray()
      • Unexpected ClassCastException
      • Performance Regression When Calling VM Helper Code On X86
    • X/Os Extensions:
      • Add RSA-OAEP Cipher Function To IBMJCECCA
  • Update to Java 8.0 Service Refresh 7 Fix Pack 16

    • Java Virtual Machine
      • Assertion failure at ClassLoaderRememberedSet.cpp
      • Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
      • GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
    • JIT Compiler:
      • Incorrect JIT optimization of Java code
      • JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
    • Reliability and Serviceability:
      • javacore with 'kill -3' SIGQUIT signal freezes Java process
Affected packages

SUSE:OpenStack Cloud 9 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-30.99.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-30.99.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-30.99.1"
        }
    ]
}