Описание
Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541)
- CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934)
- CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475)
- CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482)
- CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481)
- CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479)
- CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474)
- CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922)
- CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Software Development Kit 12 SP5
java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
Ссылки
- Link for SUSE-SU-2023:3406-1
- E-Mail link for SUSE-SU-2023:3406-1
- SUSE Security Ratings
- SUSE Bug 1214431
- SUSE CVE CVE-2022-40609 page
- SUSE CVE CVE-2023-22006 page
- SUSE CVE CVE-2023-22036 page
- SUSE CVE CVE-2023-22041 page
- SUSE CVE CVE-2023-22044 page
- SUSE CVE CVE-2023-22045 page
- SUSE CVE CVE-2023-22049 page
- SUSE CVE CVE-2023-25193 page
Описание
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2022-40609
- SUSE Bug 1213934
- SUSE Bug 1214431
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22006
- SUSE Bug 1213473
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22036
- SUSE Bug 1213474
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22041
- SUSE Bug 1213475
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22044
- SUSE Bug 1213479
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22045
- SUSE Bug 1213481
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-22049
- SUSE Bug 1213482
Описание
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1
SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1
Ссылки
- CVE-2023-25193
- SUSE Bug 1207922
- SUSE Bug 1213939