Security update for java-1_8_0-openjdk

Announcement ID:	SUSE-SU-2019:3238-1
Rating:	important
References:	bsc#1138529 bsc#1152856 bsc#1154212
Cross-References:	CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999
CVSS scores:	CVE-2019-2894 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-2894 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-2933 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2933 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2945 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2945 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2949 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2019-2949 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2019-2958 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2958 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2962 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2962 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2975 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2975 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2978 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2978 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2987 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2987 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2989 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N CVE-2019-2989 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2019-2992 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2992 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2999 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-2999 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	Legacy Module 15-SP1 Legacy Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 SUSE Package Hub 15

An update that solves 17 vulnerabilities can now be installed.

Description:

This update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues:

Security issues fixed (bsc#1154212):

CVE-2019-2933: Windows file handling redux
CVE-2019-2945: Better socket support
CVE-2019-2949: Better Kerberos ccache handling
CVE-2019-2958: Build Better Processes
CVE-2019-2964: Better support for patterns
CVE-2019-2962: Better Glyph Images
CVE-2019-2973: Better pattern compilation
CVE-2019-2975: Unexpected exception in jjs
CVE-2019-2978: Improved handling of jar files
CVE-2019-2981: Better Path supports
CVE-2019-2983: Better serial attributes
CVE-2019-2987: Better rendering of native glyphs
CVE-2019-2988: Better Graphics2D drawing
CVE-2019-2989: Improve TLS connection support
CVE-2019-2992: Enhance font glyph mapping
CVE-2019-2999: Commentary on Javadoc comments
CVE-2019-2894: Enhance ECDSA operations (bsc#1152856)

Bug fixes:

Fixed build failuers on ARM (bsc#1138529).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Legacy Module 15
zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-3238=1
Legacy Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-3238=1
SUSE Package Hub 15
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-3238=1

Package List:

Legacy Module 15 (aarch64 ppc64le s390x x86_64)
- java-1_8_0-openjdk-debugsource-1.8.0.232-3.27.1
- java-1_8_0-openjdk-demo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-demo-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-headless-1.8.0.232-3.27.1
- java-1_8_0-openjdk-headless-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-devel-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-1.8.0.232-3.27.1
- java-1_8_0-openjdk-devel-1.8.0.232-3.27.1
Legacy Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- java-1_8_0-openjdk-debugsource-1.8.0.232-3.27.1
- java-1_8_0-openjdk-demo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-demo-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-headless-1.8.0.232-3.27.1
- java-1_8_0-openjdk-headless-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-devel-debuginfo-1.8.0.232-3.27.1
- java-1_8_0-openjdk-1.8.0.232-3.27.1
- java-1_8_0-openjdk-devel-1.8.0.232-3.27.1
SUSE Package Hub 15 (noarch)
- java-1_8_0-openjdk-javadoc-1.8.0.232-3.27.1

Security update for java-1_8_0-openjdk

Description:

Patch Instructions:

Package List:

References: