SUSE: 2019:1052-1 moderate: java-11-openjdk
Summary
This update for java-11-openjdk to version 11.0.3+7 fixes the following issues: Security issues fixed: - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728). - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732). Non-security issues fixed: - Multiple bug fixes and improvements. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1052=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.3.0-3.21.2 java-11-openjdk-accessibility-11.0.3.0-3.21.2 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debugsource-11.0.3.0-3.21.2 java-11-openjdk-demo-11.0.3.0-3.21.2 java-11-openjdk-devel-11.0.3.0-3.21.2 java-11-openjdk-headless-11.0.3.0-3.21.2 java-11-openjdk-jmods-11.0.3.0-3.21.2 java-11-openjdk-src-11.0.3.0-3.21.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): java-11-openjdk-javadoc-11.0.3.0-3.21.2
References
#1132728 #1132732
Cross- CVE-2019-2602 CVE-2019-2684
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
https://www.suse.com/security/cve/CVE-2019-2602.html
https://www.suse.com/security/cve/CVE-2019-2684.html
https://bugzilla.suse.com/1132728
https://bugzilla.suse.com/1132732