Security update for java-11-openjdk

Announcement ID:	SUSE-SU-2019:2998-1
Rating:	important
References:	bsc#1152856 bsc#1154212
Cross-References:	CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999
CVSS scores:	CVE-2019-2894 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-2894 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-2933 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2933 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2945 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2945 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2949 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2019-2949 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2019-2958 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2958 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2962 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2962 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2975 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2975 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2977 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2977 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2019-2978 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2978 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2987 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2987 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2989 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N CVE-2019-2989 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2019-2992 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2992 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2999 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-2999 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	Basesystem Module 15-SP1 Basesystem Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves 18 vulnerabilities can now be installed.

Description:

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues:

Security issues fixed (October 2019 CPU bsc#1154212):

CVE-2019-2933: Windows file handling redux
CVE-2019-2945: Better socket support
CVE-2019-2949: Better Kerberos ccache handling
CVE-2019-2958: Build Better Processes
CVE-2019-2964: Better support for patterns
CVE-2019-2962: Better Glyph Images
CVE-2019-2973: Better pattern compilation
CVE-2019-2975: Unexpected exception in jjs
CVE-2019-2978: Improved handling of jar files
CVE-2019-2977: Improve String index handling
CVE-2019-2981: Better Path supports
CVE-2019-2983: Better serial attributes
CVE-2019-2987: Better rendering of native glyphs
CVE-2019-2988: Better Graphics2D drawing
CVE-2019-2989: Improve TLS connection support
CVE-2019-2992: Enhance font glyph mapping
CVE-2019-2999: Commentary on Javadoc comments
CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2998=1
Basesystem Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2998=1

Package List:

Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- java-11-openjdk-11.0.5.0-3.36.1
- java-11-openjdk-debuginfo-11.0.5.0-3.36.1
- java-11-openjdk-debugsource-11.0.5.0-3.36.1
- java-11-openjdk-demo-11.0.5.0-3.36.1
- java-11-openjdk-headless-11.0.5.0-3.36.1
- java-11-openjdk-devel-11.0.5.0-3.36.1
Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- java-11-openjdk-11.0.5.0-3.36.1
- java-11-openjdk-debuginfo-11.0.5.0-3.36.1
- java-11-openjdk-debugsource-11.0.5.0-3.36.1
- java-11-openjdk-demo-11.0.5.0-3.36.1
- java-11-openjdk-headless-11.0.5.0-3.36.1
- java-11-openjdk-devel-11.0.5.0-3.36.1

Security update for java-11-openjdk

Description:

Patch Instructions:

Package List:

References: