Security update for java-1_8_0-ibm

Announcement ID:	SUSE-SU-2019:2291-1
Rating:	important
References:	bsc#1122292 bsc#1122299 bsc#1141780 bsc#1141782 bsc#1141783 bsc#1141785 bsc#1141787 bsc#1141789 bsc#1147021
Cross-References:	CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317
CVSS scores:	CVE-2018-11212 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-11212 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-11771 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-11771 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-11772 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-11772 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-11775 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-11775 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-11775 ( NVD ): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2019-2449 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2449 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2449 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2762 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2762 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2766 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2766 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2766 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2769 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2769 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2769 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2786 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2786 ( NVD ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2019-2786 ( NVD ): 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2019-2816 ( SUSE ): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-2816 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-2816 ( NVD ): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-4473 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-4473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-4473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-7317 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7317 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7317 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	Legacy Module 15-SP1 Legacy Module 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves 12 vulnerabilities can now be installed.

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 5 Fix Pack 40.

Security issues fixed:

CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021)
CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780).
CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783).
CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782).
CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785).
CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789).
CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Legacy Module 15
zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2291=1
Legacy Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2291=1

Package List:

Legacy Module 15 (nosrc ppc64le s390x x86_64)
- java-1_8_0-ibm-1.8.0_sr5.40-3.24.1
Legacy Module 15 (ppc64le s390x x86_64)
- java-1_8_0-ibm-devel-1.8.0_sr5.40-3.24.1
Legacy Module 15 (x86_64)
- java-1_8_0-ibm-alsa-1.8.0_sr5.40-3.24.1
- java-1_8_0-ibm-plugin-1.8.0_sr5.40-3.24.1
Legacy Module 15-SP1 (nosrc ppc64le s390x x86_64)
- java-1_8_0-ibm-1.8.0_sr5.40-3.24.1
Legacy Module 15-SP1 (ppc64le s390x x86_64)
- java-1_8_0-ibm-devel-1.8.0_sr5.40-3.24.1
Legacy Module 15-SP1 (x86_64)
- java-1_8_0-ibm-alsa-1.8.0_sr5.40-3.24.1
- java-1_8_0-ibm-plugin-1.8.0_sr5.40-3.24.1

Security update for java-1_8_0-ibm

Description:

Patch Instructions:

Package List:

References: