{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_7_0-ibm":"1.7.0_sr11.0-65.63.1","java-1_7_0-ibm-alsa":"1.7.0_sr11.0-65.63.1","java-1_7_0-ibm-devel":"1.7.0_sr11.0-65.63.1","java-1_7_0-ibm-jdbc":"1.7.0_sr11.0-65.63.1","java-1_7_0-ibm-plugin":"1.7.0_sr11.0-65.63.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"java-1_7_0-ibm","purl":"pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0_sr11.0-65.63.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_7_1-ibm fixes the following issues:\n\n- Update to Java 7.1 Service Refresh 5 Fix Pack 0\n- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)\n- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)\n- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)\n- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)\n- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)\n- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) \n- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)\n- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)\n- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)\n- CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568)\n- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)\n- CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566)\n","id":"SUSE-SU-2022:14876-1","modified":"2022-01-18T13:28:58Z","published":"2022-01-18T13:28:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-202214876-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188564"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188566"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188568"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191909"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191914"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192052"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194198"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194232"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2341"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2369"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2388"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2432"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35559"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35564"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35586"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-35588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41035"}],"related":["CVE-2021-2163","CVE-2021-2341","CVE-2021-2369","CVE-2021-2388","CVE-2021-2432","CVE-2021-35556","CVE-2021-35559","CVE-2021-35564","CVE-2021-35565","CVE-2021-35586","CVE-2021-35588","CVE-2021-41035"],"summary":"Security update for java-1_7_1-ibm","upstream":["CVE-2021-2163","CVE-2021-2341","CVE-2021-2369","CVE-2021-2388","CVE-2021-2432","CVE-2021-35556","CVE-2021-35559","CVE-2021-35564","CVE-2021-35565","CVE-2021-35586","CVE-2021-35588","CVE-2021-41035"]}