SUSE-SU-2023:1823-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20231823-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:1823-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:1823-1
Related
Published
2023-04-12T09:36:15Z
Modified
2023-04-12T09:36:15Z
Summary
Security update for java-1_8_0-ibm
Details

This update for java-180-ibm fixes the following issues:

  • Update to Java 8.0 Service Refresh 8 (bsc#1208480):

    • Security fixes:

      • CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
      • CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
      • CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
    • New Features/Enhancements:

      • Add RSA-PSS signature to IBMJCECCA.
    • Defect Fixes:
      • IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
      • IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
      • IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F
      • IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G
      • IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application
      • IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last
      • IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer
      • IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties
      • IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush
      • IX90193 ORB: Fix security vulnerability CVE-2023-21830
      • IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368
      • IJ45148 Security: code changes for tech preview
      • IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak
      • IJ44172 Security: Disable SHA-1 signed jars for EA
      • IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak
      • IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
      • IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores
      • IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
      • IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension
      • IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys
      • IJ45203 Security: RSAPSS multiple names for KEYTYPE
      • IJ43920 Security: The PKCS12 keystore update and the PBES2 support
      • IJ40002 XML: Fix security vulnerability CVE-2022-21426
References

Affected packages

SUSE:OpenStack Cloud 9 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-ESPOS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0_sr8.0-30.105.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-30.105.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-30.105.1"
        }
    ]
}