SUSE-SU-2022%3A3152-1
This update for java-1_8_0-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update (8.0-7.11). - Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694)..
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Server 12 SP2-BCL | java-1_8_0-ibm | 0, 0 |
| SUSE:OpenStack Cloud Crowbar 9 | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Server 12 SP3-BCL | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Server 12 SP5 | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Software Development Kit 12 SP5 | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Server 12 SP4-LTSS | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 12 SP5 | java-1_8_0-ibm | 0, 0 |
| SUSE:Linux Enterprise Server for SAP Applications 12 SP4 | java-1_8_0-ibm | 0, 0 |
| SUSE:OpenStack Cloud 9 | java-1_8_0-ibm | 0, 0 |
Timeline
- Sep 7, 2022 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2022/suse-su-20223152-1/ advisory
- https://bugzilla.suse.com/1201684 report
- https://bugzilla.suse.com/1201685 report
- https://bugzilla.suse.com/1201692 report
- https://bugzilla.suse.com/1201694 report
- https://bugzilla.suse.com/1202427 report
- https://www.suse.com/security/cve/CVE-2022-21540 url
- https://www.suse.com/security/cve/CVE-2022-21541 url
- https://www.suse.com/security/cve/CVE-2022-21549 url
- https://www.suse.com/security/cve/CVE-2022-34169 url