Bugzilla – Bug 1224164
VUL-0: CVE-2023-38264: java-openjdk,java-ibm: IBM JDK: Object Request Broker (ORB) denial of service
Last modified: 2024-05-29 20:30:08 UTC
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters.

IBM Security Update May 2024:
https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2024
https://www.ibm.com/support/pages/apar/IX90196
https://www.ibm.com/support/pages/node/7150727

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38264
https://bugzilla.redhat.com/show_bug.cgi?id=2279963

A new IBM Java version has been released: ibm-java-x86_64-sdk-8.0-8.25. I'll submit the update to this version.

SUSE-SU-2024:1845-1: An update that solves six vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1222979, 1222983, 1222984, 1222986, 1222987, 1223470, 1224164
CVE References: CVE-2023-38264, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094
Maintenance Incident: [SUSE:Maintenance:33980](https://smelt.suse.de/incident/33980/)
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.