Security update for java-1_8_0-ibm

Announcement ID:	SUSE-SU-2020:0001-1
Rating:	moderate
References:	bsc#1154212 bsc#1158442
Cross-References:	CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999
CVSS scores:	CVE-2019-17631 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2019-2933 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2933 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2019-2945 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2945 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-2958 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2958 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-2962 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2962 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2964 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2973 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2975 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2975 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-2978 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2978 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2981 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2983 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2988 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2989 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N CVE-2019-2989 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2019-2992 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2992 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-2996 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2019-2996 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2019-2999 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-2999 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	Legacy Module 15-SP1 Legacy Module 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves 16 vulnerabilities can now be installed.

Description:

This update for java-1_8_0-ibm fixes the following issues:

• Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212]
• Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Legacy Module 15
  zypper in -t patch SUSE-SLE-Module-Legacy-15-2020-1=1
• Legacy Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1=1

Package List:

• Legacy Module 15 (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr6.0-3.30.1
• Legacy Module 15 (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30.1
• Legacy Module 15 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30.1
  • java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30.1
• Legacy Module 15-SP1 (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr6.0-3.30.1
• Legacy Module 15-SP1 (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30.1
• Legacy Module 15-SP1 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30.1
  • java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30.1

References:

• https://www.suse.com/security/cve/CVE-2019-17631.html
• https://www.suse.com/security/cve/CVE-2019-2933.html
• https://www.suse.com/security/cve/CVE-2019-2945.html
• https://www.suse.com/security/cve/CVE-2019-2958.html
• https://www.suse.com/security/cve/CVE-2019-2962.html
• https://www.suse.com/security/cve/CVE-2019-2964.html
• https://www.suse.com/security/cve/CVE-2019-2973.html
• https://www.suse.com/security/cve/CVE-2019-2975.html
• https://www.suse.com/security/cve/CVE-2019-2978.html
• https://www.suse.com/security/cve/CVE-2019-2981.html
• https://www.suse.com/security/cve/CVE-2019-2983.html
• https://www.suse.com/security/cve/CVE-2019-2988.html
• https://www.suse.com/security/cve/CVE-2019-2989.html
• https://www.suse.com/security/cve/CVE-2019-2992.html
• https://www.suse.com/security/cve/CVE-2019-2996.html
• https://www.suse.com/security/cve/CVE-2019-2999.html
• https://bugzilla.suse.com/show_bug.cgi?id=1154212
• https://bugzilla.suse.com/show_bug.cgi?id=1158442