SUSE-SU-2022:4166-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20224166-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4166-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:4166-1
Published
2022-11-22T10:09:13Z
Modified
2022-11-22T10:09:13Z
Summary
Security update for java-1_8_0-ibm
Details

This update for java-1_8_0-ibm fixes the following issues:

  • CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
  • CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
  • CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE (bsc#1204473).
  • CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
  • CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
  • CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
  • CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
  • CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
  • CVE-2022-34169: Fixed an integer truncation issue in Xalan (bsc#1201684).
  • CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).

  • Update to Java 8.0 Service Refresh 7 Fix Pack 20.

    • Security:
      • The IBM ORB Does Not Support Object-Serialisation Data Filtering
      • Large Allocation In CipherSuite
      • Avoid Evaluating SSLAlgorithmConstraints Twice
      • Cache The Results Of Constraint Checks
      • An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
      • Disable SHA-1 Signed Jars For Ea
      • JSSE Performance Improvement
      • Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
    • Java 8/Orb:
      • Upgrade ibmcfw.jar To Version o2228.02
    • Class Libraries:
      • Crash In libjsor.so During An RDMA Failover
      • High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
      • Update Timezone Information To The Latest tzdata2022c
    • Jit Compiler:
      • Crash During JIT Compilation
      • Incorrect JIT Optimization Of Java Code
      • Incorrect Return From Class.isArray()
      • Unexpected ClassCastException
      • Performance Regression When Calling VM Helper Code On X86
    • X/Os Extensions:
      • Add RSA-OAEP Cipher Function To IBMJCECCA
  • Update to Java 8.0 Service Refresh 7 Fix Pack 16

    • Java Virtual Machine
      • Assertion failure at ClassLoaderRememberedSet.cpp
      • Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
      • GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
    • JIT Compiler:
      • Incorrect JIT optimization of Java code
      • JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
    • Reliability and Serviceability:
      • javacore with 'kill -3' SIGQUIT signal freezes Java process

Affected packages

SUSE:Linux Enterprise Module for Legacy 15 SP3 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Legacy 15 SP4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Manager Server 4.1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

openSUSE:Leap 15.3 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}

openSUSE:Leap 15.4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr7.20-150000.3.65.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
        }
    ]
}