Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2024:1859-1 Important: Java-1_8_0-ibm Security Threat Resolutions

suse
Calendar Grey August 19, 2024
Dist Suse Esm H88
Protection patch for java-1_8_0-ibm addresses severe vulnerabilities of significant concern impacting SUSE systems.
* bsc#1222979 * bsc#1222983 * bsc#1222984 * bsc#1222986 * bsc#1222987

Summary

## This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470): * CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164). * CVE-2024-21094: Fixed C2 compilation fails with "Exceeded _node_regs array" (bsc#1222986). * CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983). * CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984). * CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979). * CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup (bsc#1222987). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory denial of service update important SUSE java-1_8_0-ibm

References

* bsc#1222979

* bsc#1222983

* bsc#1222984

* bsc#1222986

* bsc#1222987

* bsc#1223470

* bsc#1224164

Cross-

* CVE-2023-38264

* CVE-2024-21011

* CVE-2024-21012

* CVE-2024-21068

* CVE-2024-21085

* CVE-2024-21094

CVSS scores:

* CVE-2023-38264 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Legacy Module 15-SP5

* Legacy Module 15-SP6

* openSUSE Leap 15.5

* openSUSE Leap 15.6

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1859-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service update important SUSE java-1_8_0-ibm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here