Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in java-1_8_0-ibm
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in java-1_8_0-ibm
ID: SUSE-SU-2020:2453-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Module for Legacy Software 15-SP2
Datum: Mi, 2. September 2020, 19:17
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578
Applikationen: IBM JDK for Linux

Originalnachricht


SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2453-1
Rating: moderate
References: #1174157 #1175259
Cross-References: CVE-2019-17639 CVE-2020-14556 CVE-2020-14577
CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14583 CVE-2020-14593 CVE-2020-14621

Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259,
bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
CVE-2019-17639
* Class Libraries:
- JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
- JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
- TRANSLATION MESSAGES UPDATE FOR JCL
- UPDATE TIMEZONE INFORMATION TO TZDATA2020A
* Java Virtual Machine:
- IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
- LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
* JIT Compiler:
- CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
IN DEBUGGING MODE
- INTERMITTENT ASSERTION FAILURE REPORTED
- CRASH IN RESOLVECLASSREF() DURING AOT LOAD
- JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
- SEGMENTATION FAULT WHILE COMPILING A METHOD
- UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
APPLICATION ON IBM Z PLATFORM
* Security:
- CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON
DEFAULT VALUE
- CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
- IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT
PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
- IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
KEYFACTORY CLASS


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2453=1

- SUSE Linux Enterprise Server 15-LTSS:

zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2453=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP2:

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2453=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1:

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2453=1



Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Server for SAP 15 (x86_64):

java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Server 15-LTSS (s390x):

java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (ppc64le s390x
x86_64):

java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (x86_64):

java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x
x86_64):

java-1_8_0-ibm-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64):

java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1
java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1


References:

https://www.suse.com/security/cve/CVE-2019-17639.html
https://www.suse.com/security/cve/CVE-2020-14556.html
https://www.suse.com/security/cve/CVE-2020-14577.html
https://www.suse.com/security/cve/CVE-2020-14578.html
https://www.suse.com/security/cve/CVE-2020-14579.html
https://www.suse.com/security/cve/CVE-2020-14581.html
https://www.suse.com/security/cve/CVE-2020-14583.html
https://www.suse.com/security/cve/CVE-2020-14593.html
https://www.suse.com/security/cve/CVE-2020-14621.html
https://bugzilla.suse.com/1174157
https://bugzilla.suse.com/1175259

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung