Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

openSUSE Leap 15.0: Important Java SE Security Fix 2018:3057-1

opensuse
Calendar Grey October 6, 2018
Dist Opensuse Esm H88
This critical update for Java SE in openSUSE tackles several vulnerabilities designed to mitigate risks associated with unauthorized system entry and potential exploitation.
An update that solves four vulnerabilities and has one errata is now available.

Description

This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release

fixes the following issues:

These security issues were fixed:

- CVE-2018-2938: Difficult to exploit vulnerability allowed

unauthenticated attacker with network access via multiple protocols to

compromise Java SE. Successful attacks of this vulnerability can result

in takeover of Java SE (bsc#1101644).

- CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily

exploitable vulnerability allowed unauthenticated attacker with network

access via multiple protocols to compromise Java SE, Java SE Embedded.

Successful attacks require human interaction from a person other than

the attacker. Successful attacks of this vulnerability can result in

unauthorized read access to a subset of Java SE, Java SE Embedded

accessible data (bsc#1101645)

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to

exploit vulnerability allowed...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security fix network threat important update openSUSE Java SE Java vulnerabilities

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1138=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-accessibility-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-debuginfo-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-debugsource-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-demo-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-devel-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-headless-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-lp150.2.6.1

java-1_8_0-openjdk-src-1.8.0.181-lp150.2.6.1

- openSUSE Leap 15.0 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.181-lp150.2.6.1

References

https://www.suse.com/security/cve/CVE-2018-2938.html

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2973.html

https://bugzilla.suse.com/1101644

https://bugzilla.suse.com/1101645

https://bugzilla.suse.com/1101651

https://bugzilla.suse.com/1101656

https://bugzilla.suse.com/1106812

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:3057-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory security fix network threat important update openSUSE Java SE Java vulnerabilities

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here