Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:14634-1

Опубликовано: 19 фев. 2021
Источник: suse-cvrf

Описание

Security update for java-1_7_1-ibm

This update for java-1_7_1-ibm fixes the following issues:

  • Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
    • CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
    • CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE.

Список пакетов

SUSE Linux Enterprise Server 11 SP4-LTSS
java-1_7_1-ibm-1.7.1_sr4.80-26.65.1
java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1
java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1
java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1
java-1_7_1-ibm-plugin-1.7.1_sr4.80-26.65.1

Ссылки

Описание

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1
Ссылки

Описание

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1
SUSE Linux Enterprise Server 11 SP4-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1
Ссылки