SUSE-SU-2021:0670-1

Опубликовано: 01 мар. 2021

Источник: suse-cvrf

Описание

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
- CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
- CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE.

Список пакетов

Image SLES15-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-EC2-HVM-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-GCE-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-OCI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-Azure-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-GCE-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAP-OCI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAPCAL-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP1-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-BYOS-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-BYOS-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP2-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAP-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAPCAL-EC2-HVM

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP3-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAPCAL

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAPCAL-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP4-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAPCAL-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP5-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAP-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAPCAL

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAPCAL-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP6-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP7-SAP-Azure-LI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SP7-SAPCAL-Azure

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP7-SAPCAL-EC2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Image SLES15-SP7-SAPCAL-GCE

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Enterprise Storage 6

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Module for Legacy 15 SP2

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Server 15 SP1-BCL

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Server 15 SP1-LTSS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Server 15-LTSS

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Server for SAP Applications 15

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Manager Proxy 4.0

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Manager Retail Branch Server 4.0

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

SUSE Manager Server 4.0

java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-alsa-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-devel-1.8.0_sr6.25-3.50.1

java-1_8_0-ibm-plugin-1.8.0_sr6.25-3.50.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210670-1/
Link for SUSE-SU-2021:0670-1
https://lists.suse.com/pipermail/sle-security-updates/2021-March/008406.html
E-Mail link for SUSE-SU-2021:0670-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181239
SUSE Bug 1181239
https://bugzilla.suse.com/1182186
SUSE Bug 1182186
https://www.suse.com/security/cve/CVE-2020-14803/
SUSE CVE CVE-2020-14803 page
https://www.suse.com/security/cve/CVE-2020-27221/
SUSE CVE CVE-2020-27221 page

Описание

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-LI-BYOS-Production:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14803.html
CVE-2020-14803
https://bugzilla.suse.com/1177943
SUSE Bug 1177943
https://bugzilla.suse.com/1181239
SUSE Bug 1181239
https://bugzilla.suse.com/1182186
SUSE Bug 1182186

Описание

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-LI-BYOS-Production:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Image SLES15-SAP-Azure:java-1_8_0-ibm-1.8.0_sr6.25-3.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-27221.html
CVE-2020-27221
https://bugzilla.suse.com/1182186
SUSE Bug 1182186