{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 15 SP3","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-BCL","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.1","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Manager Retail Branch Server 4.1","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.1","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-alsa":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-devel":"1.8.0_sr7.0-3.53.1","java-1_8_0-ibm-plugin":"1.8.0_sr7.0-3.53.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr7.0-3.53.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-ibm fixes the following issues:\n\n- Update to Java 8.0 Service Refresh 7 Fix Pack 0\n- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)\n- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)\n- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)\n- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)\n- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)\n- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) \n- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)\n- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)\n- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)\n- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)\n- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)\n- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)\n","id":"SUSE-SU-2022:0108-1","modified":"2022-01-18T10:47:16Z","published":"2022-01-18T10:47:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20220108-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188564"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191902"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191909"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191914"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192052"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194198"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194232"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2341"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2369"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35559"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35560"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35564"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35586"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41035"}],"related":["CVE-2021-2163","CVE-2021-2341","CVE-2021-2369","CVE-2021-35556","CVE-2021-35559","CVE-2021-35560","CVE-2021-35564","CVE-2021-35565","CVE-2021-35578","CVE-2021-35586","CVE-2021-35588","CVE-2021-41035"],"summary":"Security update for java-1_8_0-ibm","upstream":["CVE-2021-2163","CVE-2021-2341","CVE-2021-2369","CVE-2021-35556","CVE-2021-35559","CVE-2021-35560","CVE-2021-35564","CVE-2021-35565","CVE-2021-35578","CVE-2021-35586","CVE-2021-35588","CVE-2021-41035"]}