Bug 1205302 - VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update October 2022
Status: NEW
Duplicates: 1206455
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
Reported: 2022-11-10 17:24 UTC by Pedro Monreal Gonzalez
Modified: 2023-02-10 20:20 UTC (History)
Description Pedro Monreal Gonzalez 2022-11-10 17:24:23 UTC
CVEs listed in https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
   CVE-2022-21628 CVE-2022-21626 CVE-2022-21618
   CVE-2022-39399 CVE-2022-21624 CVE-2022-21619
Comment 1 Pedro Monreal Gonzalez 2022-11-10 17:25:53 UTC
Adding Mark Cowley in CC.
Comment 2 Pedro Monreal Gonzalez 2022-11-15 14:00:23 UTC
The java-1_8_0-ibm version 8.0-7.20 has been released and contains the fixes. I'll submit in a moment.

For java-1_7_1-ibm and java-1_7_1-ibm the fix is still in progress and there are no new versions yet for them. I'll update as soon as available.
Comment 3 Pedro Monreal Gonzalez 2022-11-15 14:00:43 UTC
I'm adding IBM in CC.
Comment 5 Swamp Workflow Management 2022-11-22 14:27:13 UTC
SUSE-SU-2022:4166-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1201684,1201685,1201692,1201694,1202427,1204468,1204471,1204472,1204473,1204475,1204480,1205302
CVE References: CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-34169,CVE-2022-39399
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
openSUSE Leap 15.3 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Manager Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Manager Retail Branch Server 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Manager Proxy 4.1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-11-29 20:39:39 UTC
SUSE-SU-2022:4290-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1204468,1204471,1204472,1204473,1204475,1204480,1205302
CVE References: CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.99.1

Comment 7 Pedro Monreal Gonzalez 2022-11-30 09:00:29 UTC
The update for java-1_7_1-ibm to version 7.1.5.16 is listed in [0] but not yet available to download. I will update to this version once available. Regarding java-1_7_0-ibm, there seems to be no version update for it, at least not yet.

[0] https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
Comment 8 Pedro Monreal Gonzalez 2022-12-15 15:53:52 UTC
(In reply to Pedro Monreal Gonzalez from comment #7)
> The update for java-1_7_1-ibm to version 7.1.5.16 is listed in [0] but not
> yet available to download. I will update to this version once available.
> Regarding java-1_7_0-ibm, there seems to be no version update for it, at
> least not yet.
> 
> [0] https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities

Looking at the lifecycle dates, it looks like java-1_7_1-ibm and java-1_7_0-ibm reached the EOL in September 2022, see:
  * https://www.ibm.com/support/pages/java-sdk-lifecycle-dates
Comment 10 Pedro Monreal Gonzalez 2022-12-19 09:25:15 UTC
*** Bug 1206455 has been marked as a duplicate of this bug. ***
Comment 12 Swamp Workflow Management 2022-12-20 17:36:38 UTC
SUSE-SU-2022:4591-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1204703,1205302
CVE References: CVE-2022-3676
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE OpenStack Cloud 9 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr5.15-38.77.1

Comment 13 Swamp Workflow Management 2022-12-21 17:24:07 UTC
SUSE-SU-2022:4602-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1204703,1205302
CVE References: CVE-2022-3676
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE OpenStack Cloud 9 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr7.20-30.102.1

Comment 14 Swamp Workflow Management 2023-02-10 20:20:59 UTC
SUSE-SU-2023:0375-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1204703,1205302
CVE References: CVE-2022-3676
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Enterprise Storage 7.1 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Enterprise Storage 7 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE Enterprise Storage 6 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
SUSE CaaS Platform 4.0 (src):    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1
