Bug 1201643 - VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update April 2022
VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update Ap...
Status: RESOLVED DUPLICATE of bug 1198670
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-19 11:56 UTC by Pedro Monreal Gonzalez
Modified: 2022-08-03 16:24 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro Monreal Gonzalez 2022-07-19 11:56:51 UTC
IBM Security Update April 2022:
  * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
    CVE-2022-21476 CVE-2022-21449 CVE-2022-21496 CVE-2022-21434
    CVE-2022-21426 CVE-2022-21443

New available versions:
  * java-1_8_0-ibm: 8.0.7.10
  * java-1_7_1-ibm: 7.1.5.10
  * java-1_7_0-ibm: 7.0.11.10
Comment 1 Pedro Monreal Gonzalez 2022-07-19 13:46:30 UTC
I'm adding IBM in CC.
Comment 5 Gianluca Gabrielli 2022-07-20 10:57:16 UTC
Hi Pedro, 

We were already tracking them with the following issues since April.

 CVE-2022-21476 -> bsc#1198671
 CVE-2022-21449 -> bsc#1198670
 CVE-2022-21496 -> bsc#1198673
 CVE-2022-21434 -> bsc#1198674
 CVE-2022-21426 -> bsc#1198672
 CVE-2022-21443 -> bsc#1198675

Probably nobody tagged you in them or asked to submit patches, that's our fault. Thanks to proactively submitted yourself.

I close this issue as duplicated.

*** This bug has been marked as a duplicate of bug 1198670 ***
Comment 6 Swamp Workflow Management 2022-07-23 16:16:22 UTC
SUSE-SU-2022:2539-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE OpenStack Cloud 9 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-07-23 16:17:53 UTC
SUSE-SU-2022:2540-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-08-03 16:24:22 UTC
SUSE-SU-2022:2650-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
openSUSE Leap 15.3 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Retail Branch Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Proxy 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.