exploitDog

SUSE-SU-2022:4602-1

Опубликовано: 21 дек. 2022

Источник: suse-cvrf

Описание

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

IBM Security Update November 2022: (bsc#1205302, bsc#1204703)

CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here.

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server 12 SP4-LTSS

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server 12 SP5

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Software Development Kit 12 SP5

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

SUSE OpenStack Cloud 9

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

SUSE OpenStack Cloud Crowbar 9

java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224602-1/
Link for SUSE-SU-2022:4602-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013304.html
E-Mail link for SUSE-SU-2022:4602-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1204703
SUSE Bug 1204703
https://bugzilla.suse.com/1205302
SUSE Bug 1205302
https://www.suse.com/security/cve/CVE-2022-3676/
SUSE CVE CVE-2022-3676 page

Описание

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3676.html
CVE-2022-3676
https://bugzilla.suse.com/1204703
SUSE Bug 1204703