Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 12 articles for you...

openSUSE: 2023:3441-1 Important: Java 8 Critical Update for Security Issues

# Security update for java-1_8_0-ibm

Announcement ID: SUSE-SU-2023:3441-1
Rating: important

References:

* #1207922
* #1213473
* #1213474
* #1213475
* #1213479
* #1213481
* #1213482
* #1213541
* #1213934
* #1214431

Cross-References:

* CVE-2022-40609
* CVE-2023-22006
* CVE-2023-22036
* CVE-2023-22041
* CVE-2023-22044
* CVE-2023-22045
* CVE-2023-22049
* CVE-2023-25193

CVSS scores:

* CVE-2022-40609 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-40609 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP4
* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves eight vulnerabilities and has two fixes can now be installed.

## Description:

This update for java-1_8_0-ibm fixes the following issues:

* Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541)
* CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934)
* CVE-2023-22041: Fixed a flaw which could allow unauthorized access to critical data or complete access. (bsc#1213475)
* CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482)
* CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481)
* CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479)
* CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474)
* CVE-2023-25193: Fixed a flaw which could allow attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922)
* CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3441=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3441=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3441=1
* Legacy Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3441=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3441=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3441=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3441=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3441=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3441=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3441=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3441=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3441=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3441=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-3441=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* openSUSE Leap 15.4 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-src-1.8.0_sr8.10-150000.3.80.1
* openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* openSUSE Leap 15.5 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-src-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP4 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP4 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP5 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* Legacy Module 15-SP5 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Enterprise Storage 7.1 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE Enterprise Storage 7 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE Enterprise Storage 7 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1
* SUSE CaaS Platform 4.0 (nosrc x86_64)
  * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1
* SUSE CaaS Platform 4.0 (x86_64)
  * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1
  * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1

## References:

* https://www.suse.com/security/cve/CVE-2022-40609.html
* https://www.suse.com/security/cve/CVE-2023-22006.html
* https://www.suse.com/security/cve/CVE-2023-22036.html
* https://www.suse.com/security/cve/CVE-2023-22041.html
* https://www.suse.com/security/cve/CVE-2023-22044.html
* https://www.suse.com/security/cve/CVE-2023-22045.html
* https://www.suse.com/security/cve/CVE-2023-22049.html
* https://www.suse.com/security/cve/CVE-2023-25193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207922
* https://bugzilla.suse.com/show_bug.cgi?id=1213473
* https://bugzilla.suse.com/show_bug.cgi?id=1213474
* https://bugzilla.suse.com/show_bug.cgi?id=1213475
* https://bugzilla.suse.com/show_bug.cgi?id=1213479
* https://bugzilla.suse.com/show_bug.cgi?id=1213481
* https://bugzilla.suse.com/show_bug.cgi?id=1213482
* https://bugzilla.suse.com/show_bug.cgi?id=1213541
* https://bugzilla.suse.com/show_bug.cgi?id=1213934
* https://bugzilla.suse.com/show_bug.cgi?id=1214431

The upgrade for java-1_8_0-ibm addresses various security vulnerabilities and includes fixes to strengthen the overall security framework.

Java 8 Update, OpenSUSE Security, Software Fix, Security Patch, Update Instructions.

Severity: Important.

LinuxSecurity.com Team

Aug 28, 2023 Important OpenSUSE

SUSE: 2022:2044-1 Important Update For google-gson Deserialization Issue

SUSE Security Update: Security update for google-gson

Announcement ID: SUSE-SU-2022:2044-1
Rating: important
References: #1199064 SLE-24261
Cross-References: CVE-2022-25647

CVSS scores:

- CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

- SUSE Enterprise Storage 7
- SUSE Linux Enterprise Desktop 15-SP3
- SUSE Linux Enterprise Desktop 15-SP4
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP3
- SUSE Linux Enterprise High Performance Computing 15-SP4
- SUSE Linux Enterprise Module for Development Tools 15-SP3
- SUSE Linux Enterprise Module for Development Tools 15-SP4
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3
- SUSE Linux Enterprise Server 15-SP2-BCL
- SUSE Linux Enterprise Server 15-SP2-LTSS
- SUSE Linux Enterprise Server 15-SP3
- SUSE Linux Enterprise Server 15-SP4
- SUSE Linux Enterprise Server for SAP 15-SP2
- SUSE Linux Enterprise Server for SAP Applications 15-SP3
- SUSE Linux Enterprise Server for SAP Applications 15-SP4
- SUSE Manager Proxy 4.1
- SUSE Manager Proxy 4.2
- SUSE Manager Retail Branch Server 4.1
- SUSE Manager Server 4.1
- SUSE Manager Server 4.2
- SUSE Manager Server 4.3
- openSUSE Leap 15.3
- openSUSE Leap 15.4

An update that fixes one vulnerability, contains one feature is now available.

Description:

This update for google-gson fixes the following issues:

- CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-2044=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-2044=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-2044=1

Package List:

- openSUSE Leap 15.4 (noarch):
  google-gson-2.8.9-150200.3.6.3
  google-gson-javadoc-2.8.9-150200.3.6.3
- openSUSE Leap 15.3 (noarch):
  google-gson-2.8.9-150200.3.6.3
  google-gson-javadoc-2.8.9-150200.3.6.3
- SUSE Manager Server 4.1 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Manager Retail Branch Server 4.1 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Manager Proxy 4.1 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
  google-gson-2.8.9-150200.3.6.3
- SUSE Enterprise Storage 7 (noarch):
  google-gson-2.8.9-150200.3.6.3

References:

- https://www.suse.com/security/cve/CVE-2022-25647.html
- https://bugzilla.suse.com/1199064

SUSE has issued a security patch for google-gson that tackles a severe vulnerability related to deserialization, aimed at bolstering system protection.

SUSE Security, google-gson Patch, deserialization Fix.

Severity: Important.

LinuxSecurity.com Team

Jun 10, 2022 Important SuSE

Debian LTS: DLA-3001-1 Moderate: libgoogle-gson-java DoS Risk

Debian LTS Advisory DLA-3001-1
https://www.debian.org/lts/security/
Dominik George
May 13, 2022
https://wiki.debian.org/LTS

Package : libgoogle-gson-java
Version : 2.4-1+deb9u1
CVE ID : CVE-2022-25647
Debian Bug : 1010670

It was discovered that the package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

For Debian 9 stretch, this problem has been fixed in version 2.4-1+deb9u1.

We recommend that you upgrade your libgoogle-gson-java packages.

For the detailed security status of libgoogle-gson-java please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libgoogle-gson-java

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Enhance libgoogle-gson-java to mitigate DoS vulnerabilities originating from unsafe data deserialization practices. Refer to advisory DLA-3001-1.

libgoogle-gson-java, security advisory, DoS risk.

LinuxSecurity.com Team

May 13, 2022 Debian LTS

Red Hat JBoss Data Virtualization 6.4.8.SP1 Important: Remote Code Exec

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update
Advisory ID: RHSA-2022:0497-01
Product: Red Hat JBoss Data Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0497
Issue date: 2022-02-09
CVE Names: CVE-2019-17571 CVE-2020-9488 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307

1. Summary:

An update is now available for Red Hat JBoss Data Virtualization.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.

This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 (Service Pack 1) serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVEs referenced in this document by removing the affected classes from the patch.

Note: customers should update their EAP 6.4 installation with the corresponding security fixes that have been released for that (see RHSA-2022:0437 and https://access.redhat.com/site/solutions/625683)

Security Fix(es):

* log4j: deserialization of untrusted data in SocketServer (CVE-2019-17571)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1785616 - CVE-2019-17571 log4j: deserialization of untrusted data in SocketServer
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

5. References:

https://access.redhat.com/security/cve/CVE-2019-17571
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2022-23302
https://access.redhat.com/security/cve/CVE-2022-23305
https://access.redhat.com/security/cve/CVE-2022-23307
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Discover the critical security alert for Red Hat JBoss Data Integration that outlines several major vulnerabilities.

Red Hat Advisory, Security Update, JBoss Data Virtualization.

Severity: Important.

LinuxSecurity.com Team

Feb 09, 2022 Important Red Hat

openSUSE: 2022:0226-1 Important: Log4j12 Remote Code Execution

openSUSE Security Update: Security update for log4j12

Announcement ID: openSUSE-SU-2022:0226-1
Rating: important
References: #1193184 #1194842 #1194843 #1194844
Cross-References: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307

CVSS scores:

- CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

- openSUSE Leap 15.4
- openSUSE Leap 15.3

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for log4j12 fixes the following issues:

- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844)
- CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843)
- CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-226=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-226=1

Package List:

- openSUSE Leap 15.4 (noarch):
  log4j12-1.2.17-4.9.1
  log4j12-javadoc-1.2.17-4.9.1
  log4j12-manual-1.2.17-4.9.1
- openSUSE Leap 15.3 (noarch):
  log4j12-1.2.17-4.9.1
  log4j12-javadoc-1.2.17-4.9.1
  log4j12-manual-1.2.17-4.9.1

References:

- https://www.suse.com/security/cve/CVE-2022-23302.html
- https://www.suse.com/security/cve/CVE-2022-23305.html
- https://www.suse.com/security/cve/CVE-2022-23307.html
- https://bugzilla.suse.com/1193184
- https://bugzilla.suse.com/1194842
- https://bugzilla.suse.com/1194843
- https://bugzilla.suse.com/1194844

The latest patch for openSUSE resolves significant vulnerabilities in log4j12, addressing concerns related to deserialization, SQL injection, and risks of remote code execution.

log4j12 update, openSUSE security, remote code execution, SQL injection, important update.

Severity: Important.

LinuxSecurity.com Team

Jan 28, 2022 Important OpenSUSE

RedHat: RHSA-2022-0306-01 Moderate: OpenJDK Security Fixes

Red Hat Security Advisory

Synopsis: Moderate: java-1.8.0-openjdk security update
Advisory ID: RHSA-2022:0306-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0306
Issue date: 2022-01-27
CVE Names: CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2022809 - Prepare for the next quarterly OpenJDK upstream release (2022-01, 8u322) [rhel-7]
2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.322.b06-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.322.b06-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.src.rpm ppc64: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.i686.rpm 
java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.322.b06-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-1.el7_9.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.s390x.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.322.b06-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

A new update for java-1.8.0-openjdk on Red Hat Enterprise Linux 7 has been released, which tackles important security vulnerabilities and introduces various enhancements.

Java Security Update, Red Hat Updates, OpenJDK Security Advisory.

LinuxSecurity.com Team

Jan 27, 2022 Red Hat

RedHat: RHSA-2022-0245:03 Important: python-3.9 Security Patch Released

Red Hat Security Advisory

Synopsis: Moderate: java-11-openjdk security update
Advisory ID: RHSA-2022:0233-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0233
Issue date: 2022-01-24
CVE Names: CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)
* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
2041831 - CVE-2022-21291 OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

6.
Package List: Red Hat Enterprise Linux AppStream E4S (v.8.1): Source: java-11-openjdk-11.0.14.0.9-1.el8_1.src.rpm aarch64: java-11-openjdk-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.aarch64.rpm java-11-openjdk-src-11.0.14.0.9-1.el8_1.aarch64.rpm ppc64le: java-11-openjdk-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-demo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-devel-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-headless-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm java-11-openjdk-src-11.0.14.0.9-1.el8_1.ppc64le.rpm s390x: java-11-openjdk-11.0.14.0.9-1.el8_1.s390x.rpm 
java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-demo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-devel-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-headless-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.s390x.rpm java-11-openjdk-src-11.0.14.0.9-1.el8_1.s390x.rpm x86_64: java-11-openjdk-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm java-11-openjdk-src-11.0.14.0.9-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21277
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21291
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/cve/CVE-2022-21366
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list

Critical security patch for java-11-openjdk released for Red Hat Enterprise Linux 8.1 Maintenance Updates. Discover more details here.

Java Update, OpenJDK Security, Red Hat Advisory, Linux Security Update.

Severity: Important.

LinuxSecurity.com Team

Jan 24, 2022 Important Red Hat

Debian LTS: DLA-2342-1 Moderate: Libjackson-Json-Java Security Fix

Debian LTS Advisory DLA-2342-1
https://www.debian.org/lts/security/
August 24, 2020
https://wiki.debian.org/LTS

Package : libjackson-json-java
Version : 1.9.2-8+deb9u1
CVE ID : CVE-2017-7525 CVE-2019-10172

Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor.

CVE-2017-7525
Jackson Deserializer security vulnerability.

CVE-2017-15095
Block more JDK types from polymorphic deserialization.

CVE-2019-10172
XML external entity vulnerabilities.

For Debian 9 stretch, these problems have been fixed in version 1.9.2-8+deb9u1.

We recommend that you upgrade your libjackson-json-java packages.

For the detailed security status of libjackson-json-java please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libjackson-json-java

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu LTS addresses several vulnerabilities in libgson-java, correcting severe security risks in handling JSON information.

Debian LTS, libjackson-json-java, JSON Processor, security advisory, deserialization flaws.

LinuxSecurity.com Team

Aug 24, 2020 Debian LTS