SUSE-SU-2022:3092-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20223092-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3092-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:3092-1
- Related
- Published
- 2022-09-06T05:51:30Z
- Modified
- 2022-09-06T05:51:30Z
- Summary
- Security update for java-1_8_0-openj9
- Details
-
This update for java-180-openj9 fixes the following issues:
Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine:
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).
Updated to OpenJDK 8u332 build 09 with OpenJ9 0.32.0 virtual machine:
- CVE-2021-41041: Failed an issue that could allow unverified methods to be invoked using MethodHandles (bsc#1198935).
- CVE-2022-21426: Fixed a remote partial denial of service issue (component: JAXP) (bsc#1198672).
- CVE-2022-21434: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: Libraries) (bsc#1198674).
- CVE-2022-21443: Fixed a remote partial denial of service issue (component: Libraries) (bsc#1198675).
- CVE-2022-21476: Fixed an issue that could allow unauthorized access to confidential data (component: Libraries) (bsc#1198671).
- CVE-2022-21496: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: JNDI) (bsc#1198673).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20223092-1/
- https://bugzilla.suse.com/1198671
- https://bugzilla.suse.com/1198672
- https://bugzilla.suse.com/1198673
- https://bugzilla.suse.com/1198674
- https://bugzilla.suse.com/1198675
- https://bugzilla.suse.com/1198935
- https://bugzilla.suse.com/1201684
- https://bugzilla.suse.com/1201692
- https://bugzilla.suse.com/1201694
- https://www.suse.com/security/cve/CVE-2021-41041
- https://www.suse.com/security/cve/CVE-2022-21426
- https://www.suse.com/security/cve/CVE-2022-21434
- https://www.suse.com/security/cve/CVE-2022-21443
- https://www.suse.com/security/cve/CVE-2022-21476
- https://www.suse.com/security/cve/CVE-2022-21496
- https://www.suse.com/security/cve/CVE-2022-21540
- https://www.suse.com/security/cve/CVE-2022-21541
- https://www.suse.com/security/cve/CVE-2022-34169
Affected packages
openSUSE:Leap 15.3 / java-1_8_0-openj9
Package
- Name
- java-1_8_0-openj9
- Purl
- purl:rpm/suse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0.345-150200.3.24.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-openj9-devel": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-javadoc": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-src": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-accessibility": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-headless": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-demo": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9": "1.8.0.345-150200.3.24.1"
}
]
}
openSUSE:Leap 15.4 / java-1_8_0-openj9
Package
- Name
- java-1_8_0-openj9
- Purl
- purl:rpm/suse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0.345-150200.3.24.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-openj9-devel": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-javadoc": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-src": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-accessibility": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-headless": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9-demo": "1.8.0.345-150200.3.24.1",
"java-1_8_0-openj9": "1.8.0.345-150200.3.24.1"
}
]
}