Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2021:0665-1 Moderate: OpenJDK Buffer Overflow Security Advisory

suse
Calendar Grey March 1, 2021
Dist Suse Esm H88
Important security patch for java-1_8_0-openjdk on SUSE. Addresses CVE-2020-14803, includes detailed installation guidance.
An update that fixes one vulnerability is now available

Summary

This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!

References

#1181239

Cross- CVE-2020-14803

CVSS scores:

CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

SUSE Manager Server 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Proxy 4.0

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Legacy Software 15-SP3

SUSE Linux Enterprise Module for Legacy Software 15-SP2

SUSE Enterprise Storage 6

SUSE CaaS Platform 4.0

https://www.suse.com/security/cve/CVE-2020-14803.html

https://b...

Read the Full Advisory

Announcement ID: SUSE-SU-2021:0665-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.