Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:2819-1 Important: Java OpenJDK Security Issues Fixed

suse
Calendar Grey August 16, 2022
Dist Suse Esm H88
A crucial security patch for java-1_8_0-openjdk tackles significant vulnerabilities in SUSE Linux operating systems.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2819=1 - SUSE OpenStack Cloud 9:

Topics%20covered

Topics Covered

security advisory security issue code execution important SUSE sandbox bypass Java OpenJDK

References

#1195163 #1201684 #1201692 #1201694

Cross- CVE-2022-21540 CVE-2022-21541 CVE-2022-34169

CVSS scores:

CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2819-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue code execution important SUSE sandbox bypass Java OpenJDK

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here