Security update for java-1_7_1-ibm

Announcement ID:	SUSE-SU-2022:0166-1
Rating:	moderate
References:	bsc#1185055 bsc#1188564 bsc#1188565 bsc#1188568 bsc#1191905 bsc#1191909 bsc#1191910 bsc#1191911 bsc#1191913 bsc#1191914 bsc#1192052 bsc#1194198 bsc#1194232
Cross-References:	CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035
CVSS scores:	CVE-2021-2163 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2432 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-2432 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35564 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35564 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35565 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35588 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-35588 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-41035 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-41035 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	HPE Helion OpenStack 8 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9

An update that solves 11 vulnerabilities and has two security fixes can now be installed.

Description:

This update for java-1_7_1-ibm fixes the following issues:

• Update to Java 7.1 Service Refresh 5 Fix Pack 0
• CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
• CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
• CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
• CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
• CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
• CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
• CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
• CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
• CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
• CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
• CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• HPE Helion OpenStack 8
  zypper in -t patch HPE-Helion-OpenStack-8-2022-166=1
• SUSE OpenStack Cloud 8
  zypper in -t patch SUSE-OpenStack-Cloud-8-2022-166=1
• SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-166=1
• SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-166=1
• SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-166=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-166=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-166=1
• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-166=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-166=1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-166=1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-ESPOS-2022-166=1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-166=1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2022-166=1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-166=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-166=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-166=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-166=1

Package List:

• HPE Helion OpenStack 8 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• HPE Helion OpenStack 8 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud 8 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud 8 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud 9 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud 9 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud Crowbar 8 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud Crowbar 8 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE OpenStack Cloud Crowbar 9 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (nosrc ppc64le x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (nosrc ppc64le s390x x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (ppc64le s390x x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (nosrc ppc64le s390x x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64)
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  • java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
  • java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1

References:

• https://www.suse.com/security/cve/CVE-2021-2163.html
• https://www.suse.com/security/cve/CVE-2021-2341.html
• https://www.suse.com/security/cve/CVE-2021-2369.html
• https://www.suse.com/security/cve/CVE-2021-2432.html
• https://www.suse.com/security/cve/CVE-2021-35556.html
• https://www.suse.com/security/cve/CVE-2021-35559.html
• https://www.suse.com/security/cve/CVE-2021-35564.html
• https://www.suse.com/security/cve/CVE-2021-35565.html
• https://www.suse.com/security/cve/CVE-2021-35586.html
• https://www.suse.com/security/cve/CVE-2021-35588.html
• https://www.suse.com/security/cve/CVE-2021-41035.html
• https://bugzilla.suse.com/show_bug.cgi?id=1185055
• https://bugzilla.suse.com/show_bug.cgi?id=1188564
• https://bugzilla.suse.com/show_bug.cgi?id=1188565
• https://bugzilla.suse.com/show_bug.cgi?id=1188568
• https://bugzilla.suse.com/show_bug.cgi?id=1191905
• https://bugzilla.suse.com/show_bug.cgi?id=1191909
• https://bugzilla.suse.com/show_bug.cgi?id=1191910
• https://bugzilla.suse.com/show_bug.cgi?id=1191911
• https://bugzilla.suse.com/show_bug.cgi?id=1191913
• https://bugzilla.suse.com/show_bug.cgi?id=1191914
• https://bugzilla.suse.com/show_bug.cgi?id=1192052
• https://bugzilla.suse.com/show_bug.cgi?id=1194198
• https://bugzilla.suse.com/show_bug.cgi?id=1194232