SUSE-SU-2023:2476-1

Опубликовано: 09 июн. 2023

Источник: suse-cvrf

Описание

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).

Additional reference fixed already in 8.0.7.15:

CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP4-ESPOS

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP4-LTSS

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP5

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Software Development Kit 12 SP5

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE OpenStack Cloud 9

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

SUSE OpenStack Cloud Crowbar 9

java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232476-1/
Link for SUSE-SU-2023:2476-1
https://lists.suse.com/pipermail/sle-security-updates/2023-June/015130.html
E-Mail link for SUSE-SU-2023:2476-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210628
SUSE Bug 1210628
https://bugzilla.suse.com/1210631
SUSE Bug 1210631
https://bugzilla.suse.com/1210632
SUSE Bug 1210632
https://bugzilla.suse.com/1210634
SUSE Bug 1210634
https://bugzilla.suse.com/1210635
SUSE Bug 1210635
https://bugzilla.suse.com/1210636
SUSE Bug 1210636
https://bugzilla.suse.com/1210637
SUSE Bug 1210637
https://bugzilla.suse.com/1210711
SUSE Bug 1210711
https://bugzilla.suse.com/1210826
SUSE Bug 1210826
https://bugzilla.suse.com/1211615
SUSE Bug 1211615
https://www.suse.com/security/cve/CVE-2023-21930/
SUSE CVE CVE-2023-21930 page
https://www.suse.com/security/cve/CVE-2023-21937/
SUSE CVE CVE-2023-21937 page
https://www.suse.com/security/cve/CVE-2023-21938/
SUSE CVE CVE-2023-21938 page
https://www.suse.com/security/cve/CVE-2023-21939/
SUSE CVE CVE-2023-21939 page
https://www.suse.com/security/cve/CVE-2023-21954/
SUSE CVE CVE-2023-21954 page
https://www.suse.com/security/cve/CVE-2023-21967/
SUSE CVE CVE-2023-21967 page
https://www.suse.com/security/cve/CVE-2023-21968/
SUSE CVE CVE-2023-21968 page

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21930.html
CVE-2023-21930
https://bugzilla.suse.com/1210628
SUSE Bug 1210628

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21937.html
CVE-2023-21937
https://bugzilla.suse.com/1210631
SUSE Bug 1210631

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21938.html
CVE-2023-21938
https://bugzilla.suse.com/1210632
SUSE Bug 1210632

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21939.html
CVE-2023-21939
https://bugzilla.suse.com/1210634
SUSE Bug 1210634

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21954.html
CVE-2023-21954
https://bugzilla.suse.com/1210635
SUSE Bug 1210635

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21967.html
CVE-2023-21967
https://bugzilla.suse.com/1210636
SUSE Bug 1210636

Описание

unknown

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-21968.html
CVE-2023-21968
https://bugzilla.suse.com/1210637
SUSE Bug 1210637

Описание

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-2597.html
CVE-2023-2597
https://bugzilla.suse.com/1211615
SUSE Bug 1211615

Описание

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1

SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-30441.html
CVE-2023-30441
https://bugzilla.suse.com/1210711
SUSE Bug 1210711

SUSE-SU-2023:2476-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP4-ESPOS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2023-21930

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21937

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21938

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21939

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21954

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21967

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-21968

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-2597

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-30441

Описание

Затронутые продукты

Ссылки