SUSE-SU-2022:4290-1

This update for java-1_8_0-ibm fixes the following issues:

CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302]
- Security:
  - The IBM ORB Does Not Support Object-Serialisation Data Filtering
  - Large Allocation In CipherSuite
  - Avoid Evaluating Sslalgorithmconstraints Twice
  - Cache The Results Of Constraint Checks
  - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
  - Disable SHA-1 Signed Jars For Ea
  - JSSE Performance Improvement
  - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
- Java 8/Orb:
  - Upgrade ibmcfw.jar To Version o2228.02
- Class Libraries:
  - Crash In Libjsor.So During An Rdma Failover
  - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
  - Update Timezone Information To The Latest tzdata2022c
- Jit Compiler:
  - Crash During JIT Compilation
  - Incorrect JIT Optimization Of Java Code
  - Incorrect Return From Class.isArray()
  - Unexpected ClassCastException
  - Performance Regression When Calling VM Helper Code On X86
- X/Os Extentions:
  - Add RSA-OAEP Cipher Function To IBMJCECCA
Update to Java 8.0 Service Refresh 7 Fix Pack 16
- Java Virtual Machine
  - Assertion failure at ClassLoaderRememberedSet.cpp
  - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
  - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
- JIT Compiler:
  - Incorrect JIT optimization of Java code
  - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
- Reliability and Serviceability:
  - javacore with 'kill -3' SIGQUIT signal freezes Java process

SUSE-SU-2022:4290-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline