Bug 1202427 - VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update July 2022
VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update Ju...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-16 09:54 UTC by Pedro Monreal Gonzalez
Modified: 2022-09-07 16:27 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro Monreal Gonzalez 2022-08-16 09:54:39 UTC
* New IBM Java versions available:
    - ibm-java-sdk-8.0-7.11
    - ibm-java-sdk-7.1-5.15
    - ibm-java-sdk-7.0-11.15

* CVE-2022-34169 CVE-2022-21541 CVE-2022-21549 CVE-2022-21540

* https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_July_19_2022_CPU
Comment 1 Pedro Monreal Gonzalez 2022-08-16 10:26:22 UTC
I'm adding IBM in CC.
Comment 5 Pedro Monreal Gonzalez 2022-08-17 10:59:39 UTC
I'm also adding Mark Cowley in CC here.
Comment 6 Mark Cowley 2022-08-17 15:45:33 UTC
(In reply to Pedro Monreal Gonzalez from comment #5)
> I'm also adding Mark Cowley in CC here.

Thank you for adding me for my awareness.
Comment 7 Swamp Workflow Management 2022-08-25 22:17:09 UTC
SUSE-SU-2022:2899-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1201684,1201685,1201692,1201694,1202427
CVE References: CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.11-30.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-08-25 22:18:12 UTC
SUSE-SU-2022:2898-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1201684,1201685,1201692,1201694,1202427
CVE References: CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE OpenStack Cloud 9 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Pedro Monreal Gonzalez 2022-08-29 16:20:58 UTC
Hi, security.

There seems to have be an issue here with the version for java-1_8_0-ibm. The version listed in the vulnerabilities report was ibm-java-sdk-8.0-7.11 and it has now changed to ibm-java-sdk-8.0-7.15. Also, this last version was not available when I prepared the update. I'll submit the new version with the corrected CVEs as soon as possible.

Would it be fine if I reopen this same issue or should I open a new one?

TIA
Comment 11 Pedro Monreal Gonzalez 2022-08-30 16:43:04 UTC
Hi, security! New versions submitted.
Comment 12 Swamp Workflow Management 2022-08-31 13:17:59 UTC
SUSE-SU-2022:2949-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1201684,1201685,1201692,1201694,1202427
CVE References: CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
openSUSE Leap 15.3 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Manager Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Manager Retail Branch Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Manager Proxy 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-09-07 16:27:35 UTC
SUSE-SU-2022:3152-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1201684,1201685,1201692,1201694,1202427
CVE References: CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.15-30.96.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.