SUSE-SU-2022:4166-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20224166-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4166-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:4166-1
- Related
- Published
- 2022-11-22T10:09:13Z
- Modified
- 2022-11-22T10:09:13Z
- Summary
- Security update for java-1_8_0-ibm
- Details
-
This update for java-180-ibm fixes the following issues:
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
- CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
- CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684).
CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).
Update to Java 8.0 Service Refresh 7 Fix Pack 20.
- Security:
- The IBM ORB Does Not Support Object-Serialisation Data Filtering
- Large Allocation In CipherSuite
- Avoid Evaluating Sslalgorithmconstraints Twice
- Cache The Results Of Constraint Checks
- An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
- Disable SHA-1 Signed Jars For Ea
- JSSE Performance Improvement
- Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
- Java 8/Orb:
- Upgrade ibmcfw.jar To Version o2228.02
- Class Libraries:
- Crash In Libjsor.So During An Rdma Failover
- High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
- Update Timezone Information To The Latest tzdata2022c
- Jit Compiler:
- Crash During JIT Compilation
- Incorrect JIT Optimization Of Java Code
- Incorrect Return From Class.isArray()
- Unexpected ClassCastException
- Performance Regression When Calling VM Helper Code On X86
- X/Os Extentions:
- Add RSA-OAEP Cipher Function To IBMJCECCA
- Security:
Update to Java 8.0 Service Refresh 7 Fix Pack 16
- Java Virtual Machine
- Assertion failure at ClassLoaderRememberedSet.cpp
- Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
- GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
- JIT Compiler:
- Incorrect JIT optimization of Java code
- JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
- Reliability and Serviceability:
- javacore with 'kill -3' SIGQUIT signal freezes Java process
- Java Virtual Machine
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20224166-1/
- https://bugzilla.suse.com/1201684
- https://bugzilla.suse.com/1201685
- https://bugzilla.suse.com/1201692
- https://bugzilla.suse.com/1201694
- https://bugzilla.suse.com/1202427
- https://bugzilla.suse.com/1204468
- https://bugzilla.suse.com/1204471
- https://bugzilla.suse.com/1204472
- https://bugzilla.suse.com/1204473
- https://bugzilla.suse.com/1204475
- https://bugzilla.suse.com/1204480
- https://bugzilla.suse.com/1205302
- https://www.suse.com/security/cve/CVE-2022-21540
- https://www.suse.com/security/cve/CVE-2022-21541
- https://www.suse.com/security/cve/CVE-2022-21549
- https://www.suse.com/security/cve/CVE-2022-21618
- https://www.suse.com/security/cve/CVE-2022-21619
- https://www.suse.com/security/cve/CVE-2022-21624
- https://www.suse.com/security/cve/CVE-2022-21626
- https://www.suse.com/security/cve/CVE-2022-21628
- https://www.suse.com/security/cve/CVE-2022-34169
- https://www.suse.com/security/cve/CVE-2022-39399
Affected packages
SUSE:Linux Enterprise Module for Legacy 15 SP3 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3
SUSE:Linux Enterprise Module for Legacy 15 SP4 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4
SUSE:Linux Enterprise Server 15-LTSS / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
SUSE:Linux Enterprise Server 15 SP1-BCL / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL
SUSE:Linux Enterprise Server 15 SP1-LTSS / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
SUSE:Linux Enterprise Server 15 SP2-LTSS / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
SUSE:Manager Proxy 4.1 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1
SUSE:Manager Retail Branch Server 4.1 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1
SUSE:Manager Server 4.1 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1
SUSE:Enterprise Storage 6 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206
SUSE:Enterprise Storage 7 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207
openSUSE:Leap 15.3 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0_sr7.20-150000.3.65.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
}
]
}
openSUSE:Leap 15.4 / java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0_sr7.20-150000.3.65.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-ibm-alsa": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-plugin": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-src": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-devel-32bit": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-demo": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-devel": "1.8.0_sr7.20-150000.3.65.1",
"java-1_8_0-ibm-32bit": "1.8.0_sr7.20-150000.3.65.1"
}
]
}