Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

SUSE 15: 2018:3045-1 Important: Java Security Issues Fixed

suse
Calendar Grey October 5, 2018
Scroller Suse Esm H88
SUSE Security Patch resolves significant vulnerabilities in python3, safeguarding system resilience and protection. Discover further details.
An update that solves four vulnerabilities and has one errata is now available

Summary

This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded

References

#1101644 #1101645 #1101651 #1101656 #1106812

Cross- CVE-2018-2938 CVE-2018-2940 CVE-2018-2952

CVE-2018-2973

Affected Products:

SUSE Linux Enterprise Module for Legacy Software 15

https://www.suse.com/security/cve/CVE-2018-2938.html

https://www.suse.com/security/cve/CVE-2018-2940.html

https://www.suse.com/security/cve/CVE-2018-2952.html

https://www.suse.com/security/cve/CVE-2018-2973.html

https://bugzilla.suse.com/1101644

https://bugzilla.suse.com/1101645

https://bugzilla.suse.com/1101651

https://bugzilla.suse.com/1101656

https://bugzilla.suse.com/1106812

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3045-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.