{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-devel":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.35-30.129.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.35-30.129.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-devel":"1.8.0_sr8.35-30.129.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.35-30.129.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.35-30.129.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-ibm fixes the following issues:\n\nUpdated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU (bsc#1232064):\n- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)\n- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)\n- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)\n- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)\n\nOther issues fixed in past releases:\n- CVE-2024-3933: Fixed evaluate constant byteLenNode of arrayCopyChild (bsc#1225470)","id":"SUSE-SU-2024:4252-1","modified":"2024-12-06T15:40:23Z","published":"2024-12-06T15:40:23Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244252-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225470"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231716"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21217"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21235"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3933"}],"related":["CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","CVE-2024-3933"],"summary":"Security update for java-1_8_0-ibm","upstream":["CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","CVE-2024-3933"]}