openSUSE 15: java-1_8_0-openj9 / java-1_8_0-openj9-accessibility / etc (SUSE-SU-2022:3092-1)

high Nessus Plugin ID 170232

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3092-1 advisory.

- Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine:
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).

- Updated to OpenJDK 8u332 build 09 with OpenJ9 0.32.0 virtual machine:
- CVE-2021-41041: Failed an issue that could allow unverified methods to be invoked using MethodHandles (bsc#1198935).
- CVE-2022-21426: Fixed a remote partial denial of service issue (component: JAXP) (bsc#1198672).
- CVE-2022-21434: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: Libraries) (bsc#1198674).
- CVE-2022-21443: Fixed a remote partial denial of service issue (component: Libraries) (bsc#1198675).
- CVE-2022-21476: Fixed an issue that could allow unauthorized access to confidential data (component: Libraries) (bsc#1198671).
- CVE-2022-21496: Fixed an issue that could allow a remote attacker to update, insert or delete data (component: JNDI) (bsc#1198673).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1198671

https://bugzilla.suse.com/1198672

https://bugzilla.suse.com/1198673

https://bugzilla.suse.com/1198674

https://bugzilla.suse.com/1198675

https://bugzilla.suse.com/1198935

https://bugzilla.suse.com/1201684

https://bugzilla.suse.com/1201692

https://bugzilla.suse.com/1201694

https://www.suse.com/security/cve/CVE-2021-41041

https://www.suse.com/security/cve/CVE-2022-21426

https://www.suse.com/security/cve/CVE-2022-21434

https://www.suse.com/security/cve/CVE-2022-21443

https://www.suse.com/security/cve/CVE-2022-21476

https://www.suse.com/security/cve/CVE-2022-21496

https://www.suse.com/security/cve/CVE-2022-21540

https://www.suse.com/security/cve/CVE-2022-21541

https://www.suse.com/security/cve/CVE-2022-34169

http://www.nessus.org/u?9db4288c

Plugin Details

Severity: High

ID: 170232

File Name: suse_SU-2022-3092-1.nasl

Version: 1.3

Type: Local

Agent: unix

Published: 1/20/2023

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2022-21496

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-34169

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/6/2022

Vulnerability Publication Date: 4/17/2022

Reference Information

CVE: CVE-2021-41041, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169

SuSE: SUSE-SU-2022:3092-1