Bug 1197126 – VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update January 2022

Bug 1197126 - VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update January 2022


Summary:	VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update Ja...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	unspecified
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/326253/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-21271:5.3:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-03-15 12:53 UTC by Pedro Monreal Gonzalez
Modified:	2022-03-29 19:34 UTC (History)
CC List:	7 users (show)

See Also:	https://bugzilla.linux.ibm.com/show_bug.cgi?id=197214
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pedro Monreal Gonzalez 2022-03-15 12:53:37 UTC

IBM Security Update January 2022:
  * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
    CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349
    CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277
    CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294
    CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248
    CVE-2022-21271

New versions:
  * java-1_8_0-ibm: 8.0.7.5
  * java-1_7_1-ibm: 7.1.5.5
  * java-1_7_0-ibm: 7.0.11.5

Comment 1 Pedro Monreal Gonzalez 2022-03-15 16:41:10 UTC

I'm adding also IBM in CC to the bug report.

Comment 4 Gianluca Gabrielli 2022-03-21 10:34:53 UTC

Hi Pedro, do you know if the following packages are affected as well?
 - SUSE:SLE-11:Update/java-1_4_2-ibm
 - SUSE:SLE-11-SP1:Update/java-1_6_0-ibm
 - SUSE:SLE-12:Update/java-1_6_0-ibm

Comment 5 Pedro Monreal Gonzalez 2022-03-21 10:39:18 UTC

(In reply to Gianluca Gabrielli from comment #4)
> Hi Pedro, do you know if the following packages are affected as well?
>  - SUSE:SLE-11:Update/java-1_4_2-ibm
>  - SUSE:SLE-11-SP1:Update/java-1_6_0-ibm
>  - SUSE:SLE-12:Update/java-1_6_0-ibm

Only java-1_7_0-ibm, java-1_7_1-ibm and java-1_8_0-ibm are maintained. Previous versions are not supported anymore.

Comment 6 Marcus Meissner 2022-03-21 13:01:23 UTC

I untagged supportstatus from java-1_4_2-ibm and java-1_6_0-ibm

Comment 7 Swamp Workflow Management 2022-03-23 11:19:02 UTC

SUSE-SU-2022:14926-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    java-1_7_0-ibm-1.7.0_sr11.5-65.66.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-03-23 14:19:08 UTC

SUSE-SU-2022:14927-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.5-26.71.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-03-29 19:22:09 UTC

SUSE-SU-2022:1026-1: An update that solves 17 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1195146,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE OpenStack Cloud Crowbar 8 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE OpenStack Cloud 8 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1
HPE Helion Openstack 8 (src):    java-1_8_0-ibm-1.8.0_sr7.5-30.87.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-03-29 19:27:04 UTC

SUSE-SU-2022:1027-1: An update that solves 17 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1195146,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Manager Retail Branch Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Manager Proxy 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-03-29 19:29:34 UTC

SUSE-SU-2022:1025-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE OpenStack Cloud Crowbar 8 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE OpenStack Cloud 9 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE OpenStack Cloud 8 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1
HPE Helion Openstack 8 (src):    java-1_7_1-ibm-1.7.1_sr5.5-38.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-03-29 19:34:24 UTC

openSUSE-SU-2022:1027-1: An update that solves 17 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,1195146,1196500,1197126
CVE References: CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21349,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1
openSUSE Leap 15.3 (src):    java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1