SUSE-SU-2021:1989-1

Опубликовано: 17 июн. 2021

Источник: suse-cvrf

Описание

Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u292 (icedtea 3.19.0).
CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).

Список пакетов

Container containers/apache-tomcat:9-openjdk8

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

Image tomcat_15_6

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Enterprise Storage 6

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Module for Legacy 15 SP2

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Module for Legacy 15 SP3

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Server 15 SP1-BCL

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Server 15 SP1-LTSS

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Server 15-LTSS

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Server for SAP Applications 15

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Manager Proxy 4.0

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Manager Retail Branch Server 4.0

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

SUSE Manager Server 4.0

java-1_8_0-openjdk-1.8.0.292-3.52.1

java-1_8_0-openjdk-demo-1.8.0.292-3.52.1

java-1_8_0-openjdk-devel-1.8.0.292-3.52.1

java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20211989-1/
Link for SUSE-SU-2021:1989-1
https://lists.suse.com/pipermail/sle-security-updates/2021-June/009025.html
E-Mail link for SUSE-SU-2021:1989-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1185055
SUSE Bug 1185055
https://www.suse.com/security/cve/CVE-2021-2163/
SUSE CVE CVE-2021-2163 page

Описание

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

Затронутые продукты

Container containers/apache-tomcat:9-openjdk8:java-1_8_0-openjdk-1.8.0.292-3.52.1

Container containers/apache-tomcat:9-openjdk8:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

Image tomcat_15_6:java-1_8_0-openjdk-1.8.0.292-3.52.1

Image tomcat_15_6:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-2163.html
CVE-2021-2163
https://bugzilla.suse.com/1185055
SUSE Bug 1185055

SUSE-SU-2021:1989-1

Описание

Список пакетов

Container containers/apache-tomcat:9-openjdk8

Image tomcat_15_6

SUSE Enterprise Storage 6

SUSE Linux Enterprise Module for Legacy 15 SP2

SUSE Linux Enterprise Module for Legacy 15 SP3

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Manager Proxy 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Server 4.0

Ссылки

Уязвимость: CVE-2021-2163

Описание

Затронутые продукты

Ссылки