What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2583-1
Rating:             important
References:         #1104668 
Cross-References:   CVE-2018-12539 CVE-2018-1517 CVE-2018-1656
                    CVE-2018-2940 CVE-2018-2952 CVE-2018-2973
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following
   issues:

   Security issues fixed:

   - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which
     may allow an attacker to inflict a denial-of-service attack with
     specially crafted String data.
   - CVE-2018-1656: Protect against path traversal attacks when extracting
     compressed dump files.
   - CVE-2018-2940: Fixed an easily exploitable vulnerability in the
     libraries subcomponent, which allowed unauthenticated attackers with
     network access via multiple protocols to compromise the Java SE, leading
     to unauthorized read access.
   - CVE-2018-2952: Fixed an easily exploitable vulnerability in the
     concurrency subcomponent, which allowed unauthenticated attackers with
     network access via multiple protocols to compromise the Java SE, leading
     to denial of service.
   - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE
     subcomponent, which allowed unauthenticated attackers with network
     access via SSL/TLS to compromise the Java SE, leading to unauthorized
     creation, deletion or modification access to critical data.
   - CVE-2018-12539: Fixed a vulnerability in which users other than the
     process
     owner may be able to use Java Attach API to connect to the IBM JVM on
      the same machine and use Attach API operations, including the ability
      to execute untrusted arbitrary code.

   Other changes made:

   - Various JIT/JVM crash fixes
   - Version update to 7.1.4.30 (bsc#1104668)

   You can find detailed information about this update
   [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#
   IBM_Security_Update_August_2018).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-java-1_7_1-ibm-13766=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-java-1_7_1-ibm-13766=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr4.30-26.29.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr4.30-26.29.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.30-26.29.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.30-26.29.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.30-26.29.1


References:

   https://www.suse.com/security/cve/CVE-2018-12539.html
   https://www.suse.com/security/cve/CVE-2018-1517.html
   https://www.suse.com/security/cve/CVE-2018-1656.html
   https://www.suse.com/security/cve/CVE-2018-2940.html
   https://www.suse.com/security/cve/CVE-2018-2952.html
   https://www.suse.com/security/cve/CVE-2018-2973.html
   https://bugzilla.suse.com/1104668

SUSE: 2018:2583-1 important: java-1_7_1-ibm

August 31, 2018
An update that fixes 6 vulnerabilities is now available

Summary

This update for java-1_7_1-ibm to version 7.1.4.30 fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/# IBM_Security_Update_August_2018). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-13766=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-13766=1 Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.30-26.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.30-26.29.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.30-26.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.30-26.29.1 java-1_7_1-ibm-plugin-1.7.1_sr4.30-26.29.1

References

#1104668

Cross- CVE-2018-12539 CVE-2018-1517 CVE-2018-1656

CVE-2018-2940 CVE-2018-2952 CVE-2018-2973

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

https://www.suse.com/security/cve/CVE-2018-12539.html

https://www.suse.com/security/cve/CVE-2018-1517.html

https://www.suse.com/security/cve/CVE-2018-1656.html

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2973.html

https://bugzilla.suse.com/1104668

Severity
Announcement ID: SUSE-SU-2018:2583-1
Rating: important

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo