SUSE-SU-2022:2530-1
Jul 22, 2022 - 12:00 a.m.

Security update for java-1_8_0-openjdk (important)

2022-07-22 00:00:00
lists.opensuse.org

CVSS3: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

An update that fixes 5 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)

  • CVE-2022-21426: Better XPath expression handling (bsc#1198672)
  • CVE-2022-21443: Improved Object Identification (bsc#1198675)
  • CVE-2022-21434: Better invocation handler handling (bsc#1198674)
  • CVE-2022-21476: Improve Santuario processing (bsc#1198671)
  • CVE-2022-21496: Improve URL supports (bsc#1198673)

And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug
fixes.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2530=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-2530=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2530=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2530=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2530=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2530=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2530=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2530=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2530=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2530=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2530=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2530=1

  • SUSE Linux Enterprise Module for Legacy Software 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2530=1

  • SUSE Linux Enterprise Module for Legacy Software 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2530=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-2530=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-2530=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
