SUSE: 2022:4373-1 moderate: java-1_8_0-openjdk | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4373-1
Rating:             moderate
References:         #1204471 #1204472 #1204473 #1204475 
Cross-References:   CVE-2022-21619 CVE-2022-21624 CVE-2022-21626
                    CVE-2022-21628
CVSS scores:
                    CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk fixes the following issues:

   Update to version jdk8u352 (icedtea-3.25.0):

   - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability
     allows unauthenticated attacker with network access and can cause
     unauthorized update, insert or delete access via multiple protocols
     (bsc#1204473,bsc#1204475).
   - CVE-2022-21626: Fixed easily exploitable vulnerability allows
     unauthenticated attacker with network access via HTTPS to cause partial
     denial of service (bsc#1204471).
   - CVE-2022-21628: Fixed easily exploitable vulnerability allows
     unauthenticated attacker with network access via HTTP to cause partial
     denial of service (bsc#1204472).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4373=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4373=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4373=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4373=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4373=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4373=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4373=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE OpenStack Cloud 9 (x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      java-1_8_0-openjdk-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-1.8.0.352-27.81.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-1.8.0.352-27.81.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1


References:

   https://www.suse.com/security/cve/CVE-2022-21619.html
   https://www.suse.com/security/cve/CVE-2022-21624.html
   https://www.suse.com/security/cve/CVE-2022-21626.html
   https://www.suse.com/security/cve/CVE-2022-21628.html
   https://bugzilla.suse.com/1204471
   https://bugzilla.suse.com/1204472
   https://bugzilla.suse.com/1204473
   https://bugzilla.suse.com/1204475

SUSE: 2022:4373-1 moderate: java-1_8_0-openjdk

December 8, 2022
An update that fixes four vulnerabilities is now available

Summary

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4373=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4373=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4373=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4373=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4373=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4373=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4373=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1

References

#1204471 #1204472 #1204473 #1204475

Cross- CVE-2022-21619 CVE-2022-21624 CVE-2022-21626

CVE-2022-21628

CVSS scores:

CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2022-21619.html

https://www.suse.com/security/cve/CVE-2022-21624.html

https://www.suse.com/security/cve/CVE-2022-21626.html

https://www.suse.com/security/cve/CVE-2022-21628.html

https://bugzilla.suse.com/1204471

https://bugzilla.suse.com/1204472

https://bugzilla.suse.com/1204473

https://bugzilla.suse.com/1204475

Severity
Announcement ID: SUSE-SU-2022:4373-1
Rating: moderate

Related News

Multiple Easily Exploitable OpenSSL DoS Bugs Fixed

Important Linux Kernel DoS, Code Execution Bugs Fixed

High-Severity ntfs-3g Buffer Overflow Vulns Fixed

Important Fix for c-ares DoS Bug Released

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy