Описание
Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
- CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
- CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE.
Список пакетов
HPE Helion OpenStack 8
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-Azure
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-Azure-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-EC2-HVM
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-GCE
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-GCE-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP4-SAP-OCI-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-Azure-SAP-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-Azure-SAP-On-Demand
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-EC2-SAP-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-EC2-SAP-On-Demand
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-GCE-SAP-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-GCE-SAP-On-Demand
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP2-BCL
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP2-LTSS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP3-BCL
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP3-LTSS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP4-LTSS
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server 12 SP5
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE Linux Enterprise Software Development Kit 12 SP5
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
SUSE OpenStack Cloud 7
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE OpenStack Cloud 8
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE OpenStack Cloud 9
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE OpenStack Cloud Crowbar 8
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
SUSE OpenStack Cloud Crowbar 9
java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-38.62.1
Ссылки
- Link for SUSE-SU-2021:0512-1
- E-Mail link for SUSE-SU-2021:0512-1
- SUSE Security Ratings
- SUSE Bug 1181239
- SUSE Bug 1182186
- SUSE CVE CVE-2020-14803 page
- SUSE CVE CVE-2020-27221 page
Описание
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Затронутые продукты
HPE Helion OpenStack 8:java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
Ссылки
- CVE-2020-14803
- SUSE Bug 1177943
- SUSE Bug 1181239
- SUSE Bug 1182186
Описание
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
Затронутые продукты
HPE Helion OpenStack 8:java-1_7_1-ibm-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-alsa-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-devel-1.7.1_sr4.80-38.62.1
HPE Helion OpenStack 8:java-1_7_1-ibm-jdbc-1.7.1_sr4.80-38.62.1
Ссылки
- CVE-2020-27221
- SUSE Bug 1182186