Security update for java-11-openjdk

Announcement ID:	SUSE-SU-2019:2002-1
Rating:	important
References:	bsc#1115375 bsc#1140461 bsc#1141780 bsc#1141781 bsc#1141782 bsc#1141783 bsc#1141784 bsc#1141785 bsc#1141787 bsc#1141788 bsc#1141789
Cross-References:	CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821 CVE-2019-7317
CVSS scores:	CVE-2019-2745 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-2745 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-2745 ( NVD ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-2762 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2762 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2766 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2766 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2766 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2769 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2769 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2769 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2786 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2786 ( NVD ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2019-2786 ( NVD ): 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2019-2816 ( SUSE ): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-2816 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-2816 ( NVD ): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-2818 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2818 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2821 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-2821 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-7317 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7317 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7317 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP1 Basesystem Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves nine vulnerabilities and has two security fixes can now be installed.

Description:

This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:

Security issues fixed:

• CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
• CVE-2019-2762: Exceptional throw cases (bsc#1141782).
• CVE-2019-2766: Improve file protocol handling (bsc#1141789).
• CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
• CVE-2019-2786: More limited privilege usage (bsc#1141787).
• CVE-2019-7317: Improve PNG support options (bsc#1141780).
• CVE-2019-2818: Better Poly1305 support (bsc#1141788).
• CVE-2019-2816: Normalize normalization (bsc#1141785).
• CVE-2019-2821: Improve TLS negotiation (bsc#1141781).
• Certificate validation improvements

Non-security issues fixed:

• Do not fail installation when the manpages are not present (bsc#1115375)
• Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2002=1
• Basesystem Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2002=1

Package List:

• Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
  • java-11-openjdk-demo-11.0.4.0-3.33.1
  • java-11-openjdk-debuginfo-11.0.4.0-3.33.1
  • java-11-openjdk-debugsource-11.0.4.0-3.33.1
  • java-11-openjdk-headless-11.0.4.0-3.33.1
  • java-11-openjdk-11.0.4.0-3.33.1
  • java-11-openjdk-devel-11.0.4.0-3.33.1
• Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  • java-11-openjdk-demo-11.0.4.0-3.33.1
  • java-11-openjdk-debuginfo-11.0.4.0-3.33.1
  • java-11-openjdk-debugsource-11.0.4.0-3.33.1
  • java-11-openjdk-headless-11.0.4.0-3.33.1
  • java-11-openjdk-11.0.4.0-3.33.1
  • java-11-openjdk-devel-11.0.4.0-3.33.1

References:

• https://www.suse.com/security/cve/CVE-2019-2745.html
• https://www.suse.com/security/cve/CVE-2019-2762.html
• https://www.suse.com/security/cve/CVE-2019-2766.html
• https://www.suse.com/security/cve/CVE-2019-2769.html
• https://www.suse.com/security/cve/CVE-2019-2786.html
• https://www.suse.com/security/cve/CVE-2019-2816.html
• https://www.suse.com/security/cve/CVE-2019-2818.html
• https://www.suse.com/security/cve/CVE-2019-2821.html
• https://www.suse.com/security/cve/CVE-2019-7317.html
• https://bugzilla.suse.com/show_bug.cgi?id=1115375
• https://bugzilla.suse.com/show_bug.cgi?id=1140461
• https://bugzilla.suse.com/show_bug.cgi?id=1141780
• https://bugzilla.suse.com/show_bug.cgi?id=1141781
• https://bugzilla.suse.com/show_bug.cgi?id=1141782
• https://bugzilla.suse.com/show_bug.cgi?id=1141783
• https://bugzilla.suse.com/show_bug.cgi?id=1141784
• https://bugzilla.suse.com/show_bug.cgi?id=1141785
• https://bugzilla.suse.com/show_bug.cgi?id=1141787
• https://bugzilla.suse.com/show_bug.cgi?id=1141788
• https://bugzilla.suse.com/show_bug.cgi?id=1141789