Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

SUSE: 2018:2839-2 Moderate: Java-1_8_0-ibm Denial of Service Risk

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
Debian Security Bulletin: Addresses significant vulnerabilities in python3-requests, preventing potential data exposure risks.
An update that fixes 10 vulnerabilities is now available

Summary

This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than

References

#1104668

Cross- CVE-2016-0705 CVE-2017-3732 CVE-2017-3736

CVE-2018-12539 CVE-2018-1517 CVE-2018-1656

CVE-2018-2940 CVE-2018-2952 CVE-2018-2964

CVE-2018-2973

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2016-0705.html

https://www.suse.com/security/cve/CVE-2017-3732.html

https://www.suse.com/security/cve/CVE-2017-3736.html

https://www.suse.com/security/cve/CVE-2018-12539.html

https://www.suse.com/security/cve/CVE-2018-1517.html

https://www.suse.com/security/cve/CVE-2018-1656.html

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2964.html

Announcement ID: SUSE-SU-2018:2839-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.