Security update for java-1_8_0-openjdk

Announcement ID:	SUSE-SU-2020:0231-1
Rating:	important
References:	bsc#1160968
Cross-References:	CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659
CVSS scores:	CVE-2020-2583 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-2590 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-2593 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-2593 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-2601 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-2604 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-2604 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-2654 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-2659 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-2659 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:	Legacy Module 15-SP1 Legacy Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 SUSE Package Hub 15

An update that solves seven vulnerabilities can now be installed.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968):

• CVE-2020-2583: Unlink Set of LinkedHashSets
• CVE-2020-2590: Improve Kerberos interop capabilities
• CVE-2020-2593: Normalize normalization for all
• CVE-2020-2601: Better Ticket Granting Services
• CVE-2020-2604: Better serial filter handling
• CVE-2020-2659: Enhance datagram socket support
• CVE-2020-2654: Improve Object Identifier Processing

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Legacy Module 15
  zypper in -t patch SUSE-SLE-Module-Legacy-15-2020-231=1
• Legacy Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-231=1
• SUSE Package Hub 15
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2020-231=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-231=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-231=1

Package List:

• Legacy Module 15 (aarch64 ppc64le s390x x86_64)
  • java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-devel-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2
• Legacy Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  • java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-devel-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2
• SUSE Package Hub 15 (noarch)
  • java-1_8_0-openjdk-javadoc-1.8.0.242-3.30.2
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-devel-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-devel-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-demo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-1.8.0.242-3.30.2
  • java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2

References:

• https://www.suse.com/security/cve/CVE-2020-2583.html
• https://www.suse.com/security/cve/CVE-2020-2590.html
• https://www.suse.com/security/cve/CVE-2020-2593.html
• https://www.suse.com/security/cve/CVE-2020-2601.html
• https://www.suse.com/security/cve/CVE-2020-2604.html
• https://www.suse.com/security/cve/CVE-2020-2654.html
• https://www.suse.com/security/cve/CVE-2020-2659.html
• https://bugzilla.suse.com/show_bug.cgi?id=1160968