Mehrere Probleme in java-1_8_0-openjdk
ID: | SUSE-SU-2021:0533-1 |
Distribution: | SUSE |
Plattformen: | SUSE OpenStack Cloud 7, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE OpenStack Cloud Crowbar 8, SUSE HPE Helion Openstack 8, SUSE OpenStack Cloud 8, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP4-LTSS |
Datum: | Sa, 20. Februar 2021, 00:03 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803 |
Applikationen: | OpenJDK |
Originalnachricht |
|
SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0533-1 Rating: moderate References: #1181239 Cross-References: CVE-2020-14803 CVSS scores: CVE-2020-14803 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-14803 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-533=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-533=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-533=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-533=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-533=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-533=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-533=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-533=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-533=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-533=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-533=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-533=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-533=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.282-27.56.2 java-1_8_0-openjdk-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-debugsource-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-1.8.0.282-27.56.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-1.8.0.282-27.56.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-1.8.0.282-27.56.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.282-27.56.2 References: https://www.suse.com/security/cve/CVE-2020-14803.html https://bugzilla.suse.com/1181239 |