SUSE: 2019:0049-2 important: java-1_7_0-openjdk

    Date: 12 Apr 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 13 vulnerabilities is now available.
    
       SUSE Security Update: Security update for java-1_7_0-openjdk
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:0049-2
    Rating:             important
    References:         #1101644 #1101645 #1101651 #1101656 #1112142 
                        #1112143 #1112144 #1112146 #1112147 #1112152 
                        #1112153 
    Cross-References:   CVE-2018-13785 CVE-2018-16435 CVE-2018-2938
                        CVE-2018-2940 CVE-2018-2952 CVE-2018-2973
                        CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                        CVE-2018-3169 CVE-2018-3180 CVE-2018-3214
                        CVE-2018-3639
    Affected Products:
                        SUSE Linux Enterprise Server for SAP 12-SP1
    ______________________________________________________________________________
    
    Description:
    
       This update for java-1_7_0-openjdk to version 7u201 fixes the following
       issues:
    
       Security issues fixed:
    
       - CVE-2018-3136: Manifest better support (bsc#1112142)
       - CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
       - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
       - CVE-2018-3169: Improve field accesses (bsc#1112146)
       - CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
       - CVE-2018-3214: Better RIFF reading support (bsc#1112152)
       - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
       - CVE-2018-16435: heap-based buffer overflow in SetData function in
         cmsIT8LoadFromFile
       - CVE-2018-2938: Support Derby connections (bsc#1101644)
       - CVE-2018-2940: Better stack walking (bsc#1101645)
       - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
       - CVE-2018-2973: Improve LDAP support (bsc#1101656)
       - CVE-2018-3639: CPU speculative store bypass mitigation
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-49=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    
          java-1_7_0-openjdk-1.7.0.201-43.18.1
          java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1
          java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1
          java-1_7_0-openjdk-demo-1.7.0.201-43.18.1
          java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1
          java-1_7_0-openjdk-devel-1.7.0.201-43.18.1
          java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1
          java-1_7_0-openjdk-headless-1.7.0.201-43.18.1
          java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-13785.html
       https://www.suse.com/security/cve/CVE-2018-16435.html
       https://www.suse.com/security/cve/CVE-2018-2938.html
       https://www.suse.com/security/cve/CVE-2018-2940.html
       https://www.suse.com/security/cve/CVE-2018-2952.html
       https://www.suse.com/security/cve/CVE-2018-2973.html
       https://www.suse.com/security/cve/CVE-2018-3136.html
       https://www.suse.com/security/cve/CVE-2018-3139.html
       https://www.suse.com/security/cve/CVE-2018-3149.html
       https://www.suse.com/security/cve/CVE-2018-3169.html
       https://www.suse.com/security/cve/CVE-2018-3180.html
       https://www.suse.com/security/cve/CVE-2018-3214.html
       https://www.suse.com/security/cve/CVE-2018-3639.html
       https://bugzilla.suse.com/1101644
       https://bugzilla.suse.com/1101645
       https://bugzilla.suse.com/1101651
       https://bugzilla.suse.com/1101656
       https://bugzilla.suse.com/1112142
       https://bugzilla.suse.com/1112143
       https://bugzilla.suse.com/1112144
       https://bugzilla.suse.com/1112146
       https://bugzilla.suse.com/1112147
       https://bugzilla.suse.com/1112152
       https://bugzilla.suse.com/1112153
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    