openSUSE: 2019:0043-1 Important Patch For openJDK Buffer Overflow
opensuse
January 12, 2019
An update that fixes 9 vulnerabilities is now available.
Description
This update for java-1_8_0-openjdk to version 8u191 fixes the following
issues:
Security issues fixed:
- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-3183: Improve script engine support (bsc#1112148)
- CVE-2018-16435: heap-based buffer overflow in SetData function in
cmsIT8LoadFromFile
This update was imported from the SUSE:SLE-15:Update update project.
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-43=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-43=1
Package List
- openSUSE Leap 42.3 (i586 x86_64):
java-1_8_0-openjdk-1.8.0.191-30.1
java-1_8_0-openjdk-accessibility-1.8.0.191-30.1
java-1_8_0-openjdk-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-debugsource-1.8.0.191-30.1
java-1_8_0-openjdk-demo-1.8.0.191-30.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-devel-1.8.0.191-30.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-headless-1.8.0.191-30.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-src-1.8.0.191-30.1
- openSUSE Leap 42.3 (noarch):
java-1_8_0-openjdk-javadoc-1.8.0.191-30.1
- openSUSE Leap 15.0 (i586 x86_64):
java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debugsource-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3183.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112148
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2019:0043-1
Rating: important
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!