SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________
Announcement ID: SUSE-SU-2020:1684-1 Rating: important References: #1160968 #1169511 #1171352 #1172277 Cross-References: CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for java-1_8_0-ibm fixes the following issues:
java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968)
- CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1684=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1684=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1684=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1684=1
Package List:
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):