SUSE-SU-2023:1850-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2023/suse-su-20231850-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:1850-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2023:1850-1

Related

Published

2023-04-14T13:07:14Z

Modified

2023-04-14T13:07:14Z

Summary

Security update for java-1_8_0-ibm

Details

This update for java-180-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 8 (bsc#1208480):
- Security fixes:
  - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).
  - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
  - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
- New Features/Enhancements:
  - Add RSA-PSS signature to IBMJCECCA.
- Defect Fixes:
  - IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC
  - IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843
  - IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F
  - IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G
  - IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application
  - IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last
  - IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer
  - IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties
  - IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush
  - IX90193 ORB: Fix security vulnerability CVE-2023-21830
  - IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368
  - IJ45148 Security: code changes for tech preview
  - IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak
  - IJ44172 Security: Disable SHA-1 signed jars for EA
  - IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak
  - IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION
  - IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores
  - IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm
  - IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension
  - IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys
  - IJ45203 Security: RSAPSS multiple names for KEYTYPE
  - IJ43920 Security: The PKCS12 keystore update and the PBES2 support
  - IJ40002 XML: Fix security vulnerability CVE-2022-21426

References

Affected packages

SUSE:Linux Enterprise Module for Legacy 15 SP4 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}

openSUSE:Leap 15.4 / java-1_8_0-ibm

Package

Name: java-1_8_0-ibm
Purl: purl:rpm/suse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0_sr8.0-150000.3.71.1

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-ibm-alsa": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-plugin": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-src": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel-32bit": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-demo": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-devel": "1.8.0_sr8.0-150000.3.71.1",
            "java-1_8_0-ibm-32bit": "1.8.0_sr8.0-150000.3.71.1"
        }
    ]
}