Sicherheit: Mehrere Probleme in java-11-openjdk
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in java-11-openjdk
ID: openSUSE-SU-2019:0161-1
Distribution: SUSE
Plattformen: SUSE openSUSE Leap 15.0
Datum: Di, 12. Februar 2019, 17:23
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
Applikationen: OpenJDK


   openSUSE Security Update: Security update for java-11-openjdk

Announcement ID: openSUSE-SU-2019:0161-1
Rating: important
References: #1120431 #1122293 #1122299
Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426

Affected Products:
openSUSE Leap 15.0

An update that fixes three vulnerabilities is now available.


This update for java-11-openjdk to version 11.0.2+7 fixes the following

Security issues fixed:

- CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
- CVE-2019-2426: Improve web server connections
- CVE-2018-11212: Improve JPEG processing (bsc#1122299)
- Better route routing
- Better interface enumeration
- Better interface lists
- Improve BigDecimal support
- Improve robot support
- Better icon support
- Choose printer defaults
- Proper allocation handling
- Initial class initialization
- More reliable p11 transactions
- Improve NIO stability
- Better loading of classloader classes
- Strengthen Windows Access Bridge Support
- Improved data set handling
- Improved LSA authentication
- Libsunmscapi improved interactions

Non-security issues fix:

- Do not resolve by default the added JavaEE modules (bsc#1120431)
- ~2.5% regression on compression benchmark starting with 12-b11
- java.net.http.HttpClient hangs on 204 reply without Content-length 0
- Add additional TeliaSonera root certificate
- Add more ld preloading related info to hs_error file on Linux
- Add test to exercise server-side client hello processing
- AES encrypt performance regression in jdk11b11
- AIX: ProcessBuilder: Piping between created processes does not work.
- AIX: Some class library files are missing the Classpath exception
- AppCDS crashes for some uses with JRuby
- Automate vtable/itable stub size calculation
- BarrierSetC1::generate_referent_check() confuses register allocator
- Better HTTP Redirection
- Catastrophic size_t underflow in BitMap::*_large methods
- Clip.isRunning() may return true after Clip.stop() was called
- Compiler thread creation should be bounded by available space in memory
and Code Cache
- com.sun.net.httpserver.HttpServer returns Content-length header for 204
response code
- Default mask register for avx512 instructions
- Delayed starting of debugging via jcmd
- Disable all DES cipher suites
- Disable anon and NULL cipher suites
- Disable unsupported GCs for Zero
- Epsilon alignment adjustments can overflow max TLAB size
- Epsilon elastic TLAB sizing may cause misalignment
- HotSpot update for vm_version.cpp to recognise updated VS2017
- HttpClient does not retrieve files with large sizes over HTTP/1.1
- IIOException "tEXt chunk length is not proper" on opening png file
- Improve TLS connection stability again
- InitialDirContext ctor sometimes throws NPE if the server has sent a
- Inspect stack during error reporting
- Instead of circle rendered in appl window, but ellipse is produced
JEditor Pane
- Introduce diagnostic flag to abort VM on failed JIT compilation
- Invalid assert(HeapBaseMinAddress > 0) in
- jar has issues with UNC-path arguments for the jar -C parameter [windows]
- java.net.http HTTP client should allow specifying Origin and Referer
- java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
- JDK 11.0.1 l10n resource file update
- JDWP Transport Listener: dt_socket thread crash
- JVMTI ResourceExhausted should not be posted in CompilerThread
- LDAPS communication failure with jdk 1.8.0_181
- linux: Poor StrictMath performance due to non-optimized compilation
- Missing synchronization when reading counters for live threads and peak
thread count
- NPE in SupportedGroupsExtension
- OpenDataException thrown when constructing CompositeData for
- Parent class loader may not have a referred ClassLoaderData instance
when obtained in Klass::class_in_module_of_loader
- Populate handlers while holding streamHandlerLock
- ppc64: Enable POWER9 CPU detection
- print_location is not reliable enough (printing register info)
- Reconsider default option for ClassPathURLCheck change done in
- Register to register spill may use AVX 512 move instruction on
unsupported platform.
- s390: Use of shift operators not covered by cpp standard
- serviceability/sa/TestUniverse.java#id0 intermittently fails with
assert(get_instanceKlass()->is_loaded()) failed: must be at least
- SIGBUS in CodeHeapState::print_names()
- SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
- Soft reference reclamation race in
- Swing apps are slow if displaying from a remote source to many local
- switch jtreg to 4.2b13
- Test library OSInfo.getSolarisVersion cannot determine Solaris version
- TestOptionsWithRanges.java is very slow
- TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails
- The Japanese message of FileNotFoundException garbled
- The "supported_groups" extension in ServerHellos
- ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to
- TimeZone.getDisplayName given Locale.US doesn't always honor the
- TLS 1.2 Support algorithm in SunPKCS11 provider
- TLS 1.3 handshake server name indication is missing on a session resume
- TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and
- TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side
with mutual auth
- tz: Upgrade time-zone data to tzdata2018g
- Undefined behaviour in ADLC
- Update avx512 implementation
- URLStreamHandler initialization race
- UseCompressedOops requirement check fails fails on 32-bit system
- windows: Update OS detection code to recognize Windows Server 2019
- x86: assert on unbound assembler Labels used as branch targets
- x86: jck tests for ldc2_w bytecode fail
- x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
- "-XX:OnOutOfMemoryError" uses fork instead of vfork

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-161=1

Package List:

- openSUSE Leap 15.0 (x86_64):


- openSUSE Leap 15.0 (noarch):




To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux @Facebook
Neue Nachrichten