Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

openSUSE Leap 42.3: 2018:3103-1 Important: Java SE Takeover Risks

opensuse
Calendar Grey October 12, 2018
Dist Opensuse Esm H88
The latest openSUSE update for java-1_8_0-openjdk fixes five critical security vulnerabilities, improving user data safety and system integrity with effective resolutions
An update that fixes 5 vulnerabilities is now available.

Description

This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release

fixes the following issues:

These security issues were fixed:

- CVE-2018-2938: Difficult to exploit vulnerability allowed

unauthenticated attacker with network access via multiple protocols to

compromise Java SE. Successful attacks of this vulnerability can result

in takeover of Java SE (bsc#1101644).

- CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily

exploitable vulnerability allowed unauthenticated attacker with network

access via multiple protocols to compromise Java SE, Java SE Embedded.

Successful attacks require human interaction from a person other than

the attacker. Successful attacks of this vulnerability can result in

unauthorized read access to a subset of Java SE, Java SE Embedded

accessible data (bsc#1101645)

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to

exploit vulnerability allowed...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1143=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.181-27.1

java-1_8_0-openjdk-accessibility-1.8.0.181-27.1

java-1_8_0-openjdk-debuginfo-1.8.0.181-27.1

java-1_8_0-openjdk-debugsource-1.8.0.181-27.1

java-1_8_0-openjdk-demo-1.8.0.181-27.1

java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.1

java-1_8_0-openjdk-devel-1.8.0.181-27.1

java-1_8_0-openjdk-devel-debuginfo-1.8.0.181-27.1

java-1_8_0-openjdk-headless-1.8.0.181-27.1

java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.1

java-1_8_0-openjdk-src-1.8.0.181-27.1

- openSUSE Leap 42.3 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.181-27.1

References

https://www.suse.com/security/cve/CVE-2018-2938.html

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2973.html

https://www.suse.com/security/cve/CVE-2018-3639.html

https://bugzilla.suse.com/1101644

https://bugzilla.suse.com/1101645

https://bugzilla.suse.com/1101651

https://bugzilla.suse.com/1101656

https://bugzilla.suse.com/1106812

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:3103-1
Rating: important
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.