Security vulnerabilities in the java-1_7_0-openjdk and java-1_8_0-openjdk software packages

openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:0042-1
Rating:             important
References:         #1101644 #1101645 #1101651 #1101656 #1112142
                    #1112143 #1112144 #1112146 #1112147 #1112152
                    #1112153
Cross-References:   CVE-2018-13785 CVE-2018-16435 CVE-2018-2938
                    CVE-2018-2940 CVE-2018-2952 CVE-2018-2973
                    CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                    CVE-2018-3169 CVE-2018-3180 CVE-2018-3214
                    CVE-2018-3639
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u201 fixes the following
issues:

Security issues fixed:

– CVE-2018-3136: Manifest better support (bsc#1112142)
– CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
– CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
– CVE-2018-3169: Improve field accesses (bsc#1112146)
– CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
– CVE-2018-3214: Better RIFF reading support (bsc#1112152)
– CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
– CVE-2018-16435: heap-based buffer overflow in SetData function in
cmsIT8LoadFromFile
– CVE-2018-2938: Support Derby connections (bsc#1101644)
– CVE-2018-2940: Better stack walking (bsc#1101645)
– CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
– CVE-2018-2973: Improve LDAP support (bsc#1101656)
– CVE-2018-3639 cpu speculative store bypass mitigation

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-42=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.201-54.1
java-1_7_0-openjdk-accessibility-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-debugsource-1.7.0.201-54.1
java-1_7_0-openjdk-demo-1.7.0.201-54.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-devel-1.7.0.201-54.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-headless-1.7.0.201-54.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-src-1.7.0.201-54.1

– openSUSE Leap 42.3 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.201-54.1

References:

https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-2938.html
https://www.suse.com/security/cve/CVE-2018-2940.html
https://www.suse.com/security/cve/CVE-2018-2952.html
https://www.suse.com/security/cve/CVE-2018-2973.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://www.suse.com/security/cve/CVE-2018-3639.html
https://bugzilla.suse.com/1101644
https://bugzilla.suse.com/1101645
https://bugzilla.suse.com/1101651
https://bugzilla.suse.com/1101656
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:0043-1
Rating:             important
References:         #1112142 #1112143 #1112144 #1112146 #1112147
                    #1112148 #1112152 #1112153
Cross-References:   CVE-2018-13785 CVE-2018-16435 CVE-2018-3136
                    CVE-2018-3139 CVE-2018-3149 CVE-2018-3169
                    CVE-2018-3180 CVE-2018-3183 CVE-2018-3214

Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk to version 8u191 fixes the following
issues:

Security issues fixed:

– CVE-2018-3136: Manifest better support (bsc#1112142)
– CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
– CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
– CVE-2018-3169: Improve field accesses (bsc#1112146)
– CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
– CVE-2018-3214: Better RIFF reading support (bsc#1112152)
– CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
– CVE-2018-3183: Improve script engine support (bsc#1112148)
– CVE-2018-16435: heap-based buffer overflow in SetData function in
cmsIT8LoadFromFile

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-43=1

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-43=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.191-30.1
java-1_8_0-openjdk-accessibility-1.8.0.191-30.1
java-1_8_0-openjdk-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-debugsource-1.8.0.191-30.1
java-1_8_0-openjdk-demo-1.8.0.191-30.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-devel-1.8.0.191-30.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-headless-1.8.0.191-30.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-src-1.8.0.191-30.1

– openSUSE Leap 42.3 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.191-30.1

– openSUSE Leap 15.0 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debugsource-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2

– openSUSE Leap 15.0 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2
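
Added example, not part of the openSUSE announcements: a shell check that compares an RPM inventory against the fixed builds named in the two package lists above, to confirm the patches were actually applied. It assumes GNU `sort -V` as a stand-in for RPM version ordering and that Leap 15.0 builds carry `lp150` in the release string; the inventory lines are constructed sample data.

```shell
#!/bin/sh
# Fixed version-release per package family, copied from the package lists above.
# Assumption: a Leap 15.0 build is recognised by "lp150" in its release string.
fixed_for() {   # $1 = package name, $2 = installed version-release
    case "$1" in
        java-1_7_0-openjdk*) echo "1.7.0.201-54.1" ;;
        java-1_8_0-openjdk*)
            case "$2" in
                *-lp150.*) echo "1.8.0.191-lp150.2.9.2" ;;
                *)         echo "1.8.0.191-30.1" ;;
            esac ;;
    esac
}

# True when $1 orders strictly before $2. GNU "sort -V" stands in for
# rpm's own comparison here, which is adequate for these version strings.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints the ones still
# below the fixed build; packages outside the two advisories are skipped.
unpatched() {
    while read -r name vr; do
        fixed=$(fixed_for "$name" "$vr")
        [ -n "$fixed" ] || continue
        if ver_lt "$vr" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$vr" "$fixed"
        fi
    done
}

# Constructed sample inventory (not taken from a real host). On a live system:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched
sample_inventory() {
    cat <<'EOF'
java-1_7_0-openjdk 1.7.0.181-43.15.2
java-1_7_0-openjdk-headless 1.7.0.201-54.1
java-1_8_0-openjdk 1.8.0.181-lp150.2.6.1
java-1_8_0-openjdk-headless 1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel 1.8.0.191-30.1
bash 4.4-lp150.7.8
EOF
}

sample_inventory | unpatched
```

Empty output means every listed OpenJDK package is at or above the fixed build; any printed line names a package that still needs the update.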

References:

https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3183.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112148
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153


