SUSE-SU-2022:4166-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4166-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2022:4166-1

Related

Published

2022-11-22T10:09:13Z

Modified

2022-11-22T10:09:13Z

Summary

Security update for java-1_8_0-ibm

Details

This update for java-180-ibm fixes the following issues:

CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684).
CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).
Update to Java 8.0 Service Refresh 7 Fix Pack 20.
- Security:
  - The IBM ORB Does Not Support Object-Serialisation Data Filtering
  - Large Allocation In CipherSuite
  - Avoid Evaluating Sslalgorithmconstraints Twice
  - Cache The Results Of Constraint Checks
  - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
  - Disable SHA-1 Signed Jars For Ea
  - JSSE Performance Improvement
  - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
- Java 8/Orb:
  - Upgrade ibmcfw.jar To Version o2228.02
- Class Libraries:
  - Crash In Libjsor.So During An Rdma Failover
  - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
  - Update Timezone Information To The Latest tzdata2022c
- Jit Compiler:
  - Crash During JIT Compilation
  - Incorrect JIT Optimization Of Java Code
  - Incorrect Return From Class.isArray()
  - Unexpected ClassCastException
  - Performance Regression When Calling VM Helper Code On X86
- X/Os Extentions:
  - Add RSA-OAEP Cipher Function To IBMJCECCA
Update to Java 8.0 Service Refresh 7 Fix Pack 16
- Java Virtual Machine
  - Assertion failure at ClassLoaderRememberedSet.cpp
  - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
  - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
- JIT Compiler:
  - Incorrect JIT optimization of Java code
  - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
- Reliability and Serviceability:
  - javacore with 'kill -3' SIGQUIT signal freezes Java process

References

Affected packages

SUSE:Linux Enterprise Module for Legacy 15 SP3 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Legacy 15 SP4 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Server 4.1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

openSUSE:Leap 15.3 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

openSUSE:Leap 15.4 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}