Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

openSUSE: 2023:3441-1 Important: Java 8 Critical Update for Security Issues

opensuse
Calendar Grey August 28, 2023
Dist Opensuse Esm H88
The upgrade for java-1_8_0-ibm addresses various security vulnerabilities and includes fixes to strengthen the overall security framework.
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) CVE-2022-40609: Fixed an unsafe deserialization flaw which...

Description

This update for java-1_8_0-ibm fixes the following issues:

* Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541)

* CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a

remote attacker to execute arbitrary code on the system. (bsc#1213934)

* CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to

critical data or complete access. (bsc#1213475)

* CVE-2023-22049: Fixed a flaw which could result in unauthorized update.

(bsc#1213482)

* CVE-2023-22045: Fixed a flaw which could result in unauthorized read access

to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle

GraalVM for JDK accessible data. (bsc#1213481)

* CVE-2023-22044: Fixed a flaw which could result in unauthorized read access

to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle

GraalVM for JDK accessible data. (bsc#1213479)

* CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory unauthorized access software update security patch Java openSUSE deserialization issue

Patch

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation

methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-3441=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-3441=1

* Legacy Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3441=1

* Legacy Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3441=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3441=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3441=1

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1

zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3441=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2

zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3441=1

* SUSE Linux...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64)

* java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1

* openSUSE Leap 15.4 (x86_64)

* java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1

* openSUSE Leap 15.4 (ppc64le s390x x86_64)

* java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-src-1.8.0_sr8.10-150000.3.80.1

* openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64)

* java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1

* openSUSE Leap 15.5 (x86_64)

* java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1

* openSUSE Leap 15.5 (ppc64le s390x x86_64)

* java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1

* java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1

*...

Read the Full Advisory

References

* #1207922

* #1213473

* #1213474

* #1213475

* #1213479

* #1213481

* #1213482

* #1213541

* #1213934

* #1214431

## References:

* https://www.suse.com/security/cve/CVE-2022-40609.html

* https://www.suse.com/security/cve/CVE-2023-22006.html

* https://www.suse.com/security/cve/CVE-2023-22036.html

* https://www.suse.com/security/cve/CVE-2023-22041.html

* https://www.suse.com/security/cve/CVE-2023-22044.html

* https://www.suse.com/security/cve/CVE-2023-22045.html

* https://www.suse.com/security/cve/CVE-2023-22049.html

* https://www.suse.com/security/cve/CVE-2023-25193.html

* https://bugzilla.suse.com/show_bug.cgi?id=1207922

* https://bugzilla.suse.com/show_bug.cgi?id=1213473

* https://bugzilla.suse.com/show_bug.cgi?id=1213474

* https://bugzilla.suse.com/show_bug.cgi?id=1213475

* https://bugzilla.suse.com/show_bug.cgi?id=1213479

* https://bugzilla.suse.com/show_bug.cgi?id=1213481

* https://bugzilla.suse.com/show_bug.cgi?id=1213482

* https://bugzilla.suse.com/show_bug.cgi?id=1213541

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:3441-1
Rating: important

Topics%20covered

Topics Covered

security advisory unauthorized access software update security patch Java openSUSE deserialization issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here