Bugzilla – Bug 1217214
VUL-0: CVE-2023-5676: java-1_8_0-openj9: receiving a signal before initialization may lead to an infinite loop or unexpected crash
Last modified: 2024-03-05 13:17:09 UTC
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5676
We ship the following versions: - SUSE:SLE-15-SP2:Update/java-1_8_0-openj9: openj9-0.40.0 - openSUSE:Factory/java-1_8_0-openj9: openj9-0.40.0 - openSUSE:Backports:SLE-15-SP4/java-11-openj9: openj9-0.23.0 - openSUSE:Backports:SLE-15-SP5/java-11-openj9: openj9-0.23.0 - openSUSE:Backports:SLE-15-SP6/java-11-openj9: openj9-0.23.0 - openSUSE:Factory/java-11-openj9: openj9-0.40.0 - openSUSE:Backports:SLE-15-SP5/java-17-openj9: openj9-0.33.0 - openSUSE:Backports:SLE-15-SP6/java-17-openj9: openj9-0.33.0
https://github.com/eclipse-openj9/openj9/pull/18085
SUSE-SU-2023:4572-1: An update that solves four vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1204264, 1216339, 1216374, 1216379, 1216640, 1217214 CVE References: CVE-2023-22025, CVE-2023-22067, CVE-2023-22081, CVE-2023-5676 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4614-1: An update that solves four vulnerabilities and has two security fixes can now be installed. Category: security (important) Bug References: 1204264, 1216339, 1216374, 1216379, 1216640, 1217214 CVE References: CVE-2023-22025, CVE-2023-22067, CVE-2023-22081, CVE-2023-5676 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4612-1: An update that solves three vulnerabilities can now be installed. Category: security (moderate) Bug References: 1216374, 1216379, 1217214 CVE References: CVE-2023-22067, CVE-2023-22081, CVE-2023-5676 Sources used: openSUSE Leap 15.4 (src): java-1_8_0-openj9-1.8.0.392-150200.3.39.1 openSUSE Leap 15.5 (src): java-1_8_0-openj9-1.8.0.392-150200.3.39.1 SUSE Package Hub 15 15-SP5 (src): java-1_8_0-openj9-1.8.0.392-150200.3.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0479-1: An update that solves seven vulnerabilities can now be installed. Category: security (important) Bug References: 1217214, 1218903, 1218905, 1218906, 1218907, 1218909, 1218911 CVE References: CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952 Sources used: SUSE Package Hub 15 15-SP5 (src): java-1_8_0-openj9-1.8.0.402-150200.3.42.1 openSUSE Leap 15.5 (src): java-1_8_0-openj9-1.8.0.402-150200.3.42.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fixed, please close.
Done, closing.