SUSE-SU-2023:1850-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:1850-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:1850-1
Published
2023-04-14T13:07:14Z
Modified
2023-04-14T13:07:14Z
Summary
Security update for java-1_8_0-ibm
Details

This update for java-1_8_0-ibm fixes the following issues:

  • Update to Java 8.0 Service Refresh 8 (bsc#1208480):

    • Security fixes:

      • CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
      • CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
      • CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
    • New Features/Enhancements:

      • Add RSA-PSS signature to IBMJCECCA.
    • Defect Fixes:
      • IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
      • IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
      • IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F
      • IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G
      • IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application
      • IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last
      • IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer
      • IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties
      • IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush
      • IX90193 ORB: Fix security vulnerability CVE-2023-21830
      • IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368
      • IJ45148 Security: code changes for tech preview
      • IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak
      • IJ44172 Security: Disable SHA-1 signed jars for EA
      • IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak
      • IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
      • IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores
      • IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
      • IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension
      • IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys
      • IJ45203 Security: RSAPSS multiple names for KEYTYPE
      • IJ43920 Security: The PKCS12 keystore update and the PBES2 support
      • IJ40002 XML: Fix security vulnerability CVE-2022-21426
Affected packages

SUSE:Linux Enterprise Module for Legacy 15 SP4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

openSUSE:Leap 15.4 / java-1_8_0-ibm

Package

Name
java-1_8_0-ibm
Purl
purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-src": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}