What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2453-1
Rating:             moderate
References:         #1174157 #1175259 
Cross-References:   CVE-2019-17639 CVE-2020-14556 CVE-2020-14577
                    CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
                    CVE-2020-14583 CVE-2020-14593 CVE-2020-14621
                   
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP1
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for java-1_8_0-ibm fixes the following issues:

   - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259,
     bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
     CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
     CVE-2019-17639
     * Class Libraries:
       - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
       - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
       - TRANSLATION MESSAGES UPDATE FOR JCL
       - UPDATE TIMEZONE INFORMATION TO TZDATA2020A
     * Java Virtual Machine:
       - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
       - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
     * JIT Compiler:
       - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
         IN DEBUGGING MODE
       - INTERMITTENT ASSERTION FAILURE REPORTED
       - CRASH IN RESOLVECLASSREF() DURING AOT LOAD
       - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
       - SEGMENTATION FAULT WHILE COMPILING A METHOD
       - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
         APPLICATION ON IBM Z PLATFORM
     * Security:
       - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON
         DEFAULT VALUE
       - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
       - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT
         PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
       - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
         KEYFACTORY CLASS


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2453=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2453=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2453=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2453=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):

      java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (ppc64le s390x x86_64):

      java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (x86_64):

      java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64):

      java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64):

      java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
      java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1


References:

   https://www.suse.com/security/cve/CVE-2019-17639.html
   https://www.suse.com/security/cve/CVE-2020-14556.html
   https://www.suse.com/security/cve/CVE-2020-14577.html
   https://www.suse.com/security/cve/CVE-2020-14578.html
   https://www.suse.com/security/cve/CVE-2020-14579.html
   https://www.suse.com/security/cve/CVE-2020-14581.html
   https://www.suse.com/security/cve/CVE-2020-14583.html
   https://www.suse.com/security/cve/CVE-2020-14593.html
   https://www.suse.com/security/cve/CVE-2020-14621.html
   https://bugzilla.suse.com/1174157
   https://bugzilla.suse.com/1175259

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2453-1 moderate: java-1_8_0-ibm

September 2, 2020
An update that fixes 9 vulnerabilities is now available

Summary

This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2453=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2453=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1

References

#1174157 #1175259

Cross- CVE-2019-17639 CVE-2020-14556 CVE-2020-14577

CVE-2020-14578 CVE-2020-14579 CVE-2020-14581

CVE-2020-14583 CVE-2020-14593 CVE-2020-14621

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Legacy Software 15-SP2

SUSE Linux Enterprise Module for Legacy Software 15-SP1

https://www.suse.com/security/cve/CVE-2019-17639.html

https://www.suse.com/security/cve/CVE-2020-14556.html

https://www.suse.com/security/cve/CVE-2020-14577.html

https://www.suse.com/security/cve/CVE-2020-14578.html

https://www.suse.com/security/cve/CVE-2020-14579.html

https://www.suse.com/security/cve/CVE-2020-14581.html

https://www.suse.com/security/cve/CVE-2020-14583.html

https://www.suse.com/security/cve/CVE-2020-14593.html

https://www.suse.com/security/cve/CVE-2020-14621.html

https://bugzilla.suse.com/1174157

https://bugzilla.suse.com/1175259

Severity
Announcement ID: SUSE-SU-2020:2453-1
Rating: moderate

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo