Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE Leap 15.0: 2018:2206-1 Important: Java 10 Security Issues

opensuse
Calendar Grey August 6, 2018
Dist Opensuse Esm H88
An important update for openSUSE java-10-openjdk fixes multiple issues ensuring enhanced system security amidst threats.
An update that solves four vulnerabilities and has one errata is now available.

Description

This update for OpenJDK 10.0.2 fixes the following security issues:

- CVE-2018-2940: the libraries sub-component contained an easily

exploitable vulnerability that allowed attackers to compromise Java SE

or Java SE Embedded over the network, potentially gaining unauthorized

read access to data that's accessible to the server. [bsc#1101645]

- CVE-2018-2952: the concurrency sub-component contained a difficult to

exploit vulnerability that allowed attackers to compromise Java SE, Java

SE Embedded,

or JRockit over the network. This issue could have been abused to mount

a partial denial-of-service attack on the server. [bsc#1101651]

- CVE-2018-2972: the security sub-component contained a difficult to

exploit vulnerability that allowed attackers to compromise Java SE over

the network, potentially gaining unauthorized access to critical data or

complete access to all Java SE accessible data. [bsc#1101655)

-...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory DoS important network access Java update Java openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-810=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

java-10-openjdk-10.0.2.0-lp150.2.3.2

java-10-openjdk-accessibility-10.0.2.0-lp150.2.3.2

java-10-openjdk-accessibility-debuginfo-10.0.2.0-lp150.2.3.2

java-10-openjdk-debuginfo-10.0.2.0-lp150.2.3.2

java-10-openjdk-debugsource-10.0.2.0-lp150.2.3.2

java-10-openjdk-demo-10.0.2.0-lp150.2.3.2

java-10-openjdk-devel-10.0.2.0-lp150.2.3.2

java-10-openjdk-headless-10.0.2.0-lp150.2.3.2

java-10-openjdk-jmods-10.0.2.0-lp150.2.3.2

java-10-openjdk-src-10.0.2.0-lp150.2.3.2

- openSUSE Leap 15.0 (noarch):

java-10-openjdk-javadoc-10.0.2.0-lp150.2.3.2

References

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2972.html

https://www.suse.com/security/cve/CVE-2018-2973.html

https://bugzilla.suse.com/1096420

https://bugzilla.suse.com/1101645

https://bugzilla.suse.com/1101651

https://bugzilla.suse.com/1101655

https://bugzilla.suse.com/1101656

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2206-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory DoS important network access Java update Java openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here