Bug 1201643 – VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update April 2022

Bug 1201643 - VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update April 2022


Summary:	VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update Ap...

Status:	RESOLVED DUPLICATE of bug 1198670

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-07-19 11:56 UTC by Pedro Monreal Gonzalez
Modified:	2022-08-03 16:24 UTC (History)
CC List:	5 users (show)

See Also:	https://bugzilla.linux.ibm.com/show_bug.cgi?id=199036
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pedro Monreal Gonzalez 2022-07-19 11:56:51 UTC

IBM Security Update April 2022:
  * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
    CVE-2022-21476 CVE-2022-21449 CVE-2022-21496 CVE-2022-21434
    CVE-2022-21426 CVE-2022-21443

New available versions:
  * java-1_8_0-ibm: 8.0.7.10
  * java-1_7_1-ibm: 7.1.5.10
  * java-1_7_0-ibm: 7.0.11.10

Comment 1 Pedro Monreal Gonzalez 2022-07-19 13:46:30 UTC

I'm adding IBM in CC.

Comment 5 Gianluca Gabrielli 2022-07-20 10:57:16 UTC

Hi Pedro, 

We were already tracking them with the following issues since April.

 CVE-2022-21476 -> bsc#1198671
 CVE-2022-21449 -> bsc#1198670
 CVE-2022-21496 -> bsc#1198673
 CVE-2022-21434 -> bsc#1198674
 CVE-2022-21426 -> bsc#1198672
 CVE-2022-21443 -> bsc#1198675

Probably nobody tagged you in them or asked to submit patches, that's our fault. Thanks to proactively submitted yourself.

I close this issue as duplicated.

*** This bug has been marked as a duplicate of bug 1198670 ***

Comment 6 Swamp Workflow Management 2022-07-23 16:16:22 UTC

SUSE-SU-2022:2539-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE OpenStack Cloud 9 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.10-38.71.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2022-07-23 16:17:53 UTC

SUSE-SU-2022:2540-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-30.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-08-03 16:24:22 UTC

SUSE-SU-2022:2650-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643
CVE References: CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
openSUSE Leap 15.3 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Retail Branch Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Manager Proxy 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.