Security update for java-1_7_1-ibm
Announcement ID: | SUSE-SU-2022:14876-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 12 vulnerabilities and has two security fixes can now be installed.
Description:
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 5 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Point of Service 11 SP3
zypper in -t patch sleposp3-java-1_7_1-ibm-14876=1
Package List:
-
SUSE Linux Enterprise Point of Service 11 SP3 (i586)
- java-1_7_0-ibm-alsa-1.7.0_sr11.0-65.63.1
- java-1_7_0-ibm-jdbc-1.7.0_sr11.0-65.63.1
- java-1_7_0-ibm-devel-1.7.0_sr11.0-65.63.1
- java-1_7_0-ibm-plugin-1.7.0_sr11.0-65.63.1
-
SUSE Linux Enterprise Point of Service 11 SP3 (nosrc i586)
- java-1_7_0-ibm-1.7.0_sr11.0-65.63.1
References:
- https://www.suse.com/security/cve/CVE-2021-2163.html
- https://www.suse.com/security/cve/CVE-2021-2341.html
- https://www.suse.com/security/cve/CVE-2021-2369.html
- https://www.suse.com/security/cve/CVE-2021-2388.html
- https://www.suse.com/security/cve/CVE-2021-2432.html
- https://www.suse.com/security/cve/CVE-2021-35556.html
- https://www.suse.com/security/cve/CVE-2021-35559.html
- https://www.suse.com/security/cve/CVE-2021-35564.html
- https://www.suse.com/security/cve/CVE-2021-35565.html
- https://www.suse.com/security/cve/CVE-2021-35586.html
- https://www.suse.com/security/cve/CVE-2021-35588.html
- https://www.suse.com/security/cve/CVE-2021-41035.html
- https://bugzilla.suse.com/show_bug.cgi?id=1185055
- https://bugzilla.suse.com/show_bug.cgi?id=1188564
- https://bugzilla.suse.com/show_bug.cgi?id=1188565
- https://bugzilla.suse.com/show_bug.cgi?id=1188566
- https://bugzilla.suse.com/show_bug.cgi?id=1188568
- https://bugzilla.suse.com/show_bug.cgi?id=1191905
- https://bugzilla.suse.com/show_bug.cgi?id=1191909
- https://bugzilla.suse.com/show_bug.cgi?id=1191910
- https://bugzilla.suse.com/show_bug.cgi?id=1191911
- https://bugzilla.suse.com/show_bug.cgi?id=1191913
- https://bugzilla.suse.com/show_bug.cgi?id=1191914
- https://bugzilla.suse.com/show_bug.cgi?id=1192052
- https://bugzilla.suse.com/show_bug.cgi?id=1194198
- https://bugzilla.suse.com/show_bug.cgi?id=1194232