Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 534
Alerts This Week
Warning Icon 1 534

SUSE Linux Enterprise: Update for Java-1_7_0-ibm Important Security Patch

suse
Calendar Grey November 27, 2018
Dist Suse Esm H88
SUSE Security Patch 2020-4562-1 resolves critical vulnerabilities in openjdk-1_8_0 for SUSE Linux systems. Install the patch promptly.
An update that fixes 7 vulnerabilities is now available

Summary

java-1_7_0-ibm is updated to Java 7.0 Service Refresh 10 Fix Pack 35 (bsc#1116574): * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS * Java Virtual Machine - IJ10931 CVE-2018-3169 * JIT Compiler - IJ08205 CRASH WHILE COMPILING * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )

References

#1116574

Cross- CVE-2018-13785 CVE-2018-3136 CVE-2018-3139

CVE-2018-3149 CVE-2018-3169 CVE-2018-3180

CVE-2018-3214

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

https://www.suse.com/security/cve/CVE-2018-13785.html

https://www.suse.com/security/cve/CVE-2018-3136.html

https://www.suse.com/security/cve/CVE-2018-3139.html

https://www.suse.com/security/cve/CVE-2018-3149.html

https://www.suse.com/security/cve/CVE-2018-3169.html

https://www.suse.com/security/cve/CVE-2018-3180.html

https://www.suse.com/security/cve/CVE-2018-3214.html

https://bugzilla.suse.com/1116574

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3920-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.