SUSE-SU-2020:2143-1: important: Security update for java-11-openjdk

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Aug 6 07:14:01 MDT 2020


   SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2143-1
Rating:             important
References:         #1174157 
Cross-References:   CVE-2020-14556 CVE-2020-14562 CVE-2020-14573
                    CVE-2020-14577 CVE-2020-14581 CVE-2020-14583
                    CVE-2020-14593 CVE-2020-14621
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for java-11-openjdk fixes the following issues:

   - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157)
     * Security fixes:
       + JDK-8230613: Better ASCII conversions
       + JDK-8231800: Better listing of arrays
       + JDK-8232014: Expand DTD support
       + JDK-8233234: Better Zip Naming
       + JDK-8233239, CVE-2020-14562: Enhance TIFF support
       + JDK-8233255: Better Swing Buttons
       + JDK-8234032: Improve basic calendar services
       + JDK-8234042: Better factory production of certificates
       + JDK-8234418: Better parsing with CertificateFactory
       + JDK-8234836: Improve serialization handling
       + JDK-8236191: Enhance OID processing
       + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
       + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
       + JDK-8237592, CVE-2020-14577: Enhance certificate verification
       + JDK-8238002, CVE-2020-14581: Better matrix operations
       + JDK-8238013: Enhance String writing
       + JDK-8238804: Enhance key handling process
       + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
       + JDK-8238843: Enhanced font handing
       + JDK-8238920, CVE-2020-14583: Better Buffer support
       + JDK-8238925: Enhance WAV file playback
       + JDK-8240119, CVE-2020-14593: Less Affine Transformations
       + JDK-8240482: Improved WAV file playback
       + JDK-8241379: Update JCEKS support
       + JDK-8241522: Manifest improved jar headers redux
       + JDK-8242136, CVE-2020-14621: Better XML namespace handling
     * Other changes:
       + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have
         not been created
       + JDK-7124307: JSpinner and changing value by mouse
       + JDK-8022574: remove HaltNode code after uncommon trap calls
       + JDK-8039082: [TEST_BUG] Test
         java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
       + JDK-8040630: Popup menus and tooltips flicker with previous popup
         contents when first shown
       + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM
         when joining group (OS X 10.9)
       + JDK-8048215: [TESTBUG]
         java/lang/management/ManagementFactory/ThreadMXBeanProxy.java
         Expected non-null LockInfo
       + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in
         nightly
       + JDK-8080353: JShell: Better error message on attempting to add
         default method
       + JDK-8139876: Exclude hanging nsk/stress/stack from execution with
         deoptimization enabled
       + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with
         -XX:+DeoptimizeALot
       + JDK-8153430: jdk regression test MletParserLocaleTest,
         ParserInfiniteLoopTest reduce default timeout
       + JDK-8156207: Resource allocated BitMaps are often cleared
         unnecessarily
       + JDK-8159740: JShell: corralled declarations do not have correct
         source to wrapper mapping
       + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method
       + JDK-8176359: Frame#setMaximizedbounds not working properly in multi
         screen environments
       + JDK-8183369: RFC unconformity of HttpURLConnection with proxy
       + JDK-8187078: -XX:+VerifyOops finds numerous problems when running
         JPRT
       + JDK-8189861: Refactor CacheFind
       + JDK-8191169: java/net/Authenticator/B4769350.java failed
         intermittently
       + JDK-8191930: [Graal] emits unparseable XML into compile log
       + JDK-8193879: Java debugger hangs on method invocation
       + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows
       + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
       + JDK-8198000:
         java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug
         assert on Windows
       + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/
         /WrongParentAfterRemoveMenu.java debug assert on Windows
       + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable
       + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after
         JDK-8198801
       + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740
       + JDK-8203672: JNI exception pending in PlainSocketImpl.c
       + JDK-8203673: JNI exception pending in
         DualStackPlainDatagramSocketImpl.c:398
       + JDK-8204834: Fix confusing "allocate" naming in OopStorage
       + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
       + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/
         /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with
         handshake_failure
       + JDK-8206179: com/sun/management/OperatingSystemMXBean/
         /GetCommittedVirtualMemorySize.java fails with Committed virtual
         memory size illegal value
       + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with
         RunThese30M
       + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't
         work with 1GB LargePages


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2143=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2143=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2143=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2143=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2143=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2143=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2143=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2143=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

      java-11-openjdk-javadoc-11.0.8.0-3.45.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch):

      java-11-openjdk-javadoc-11.0.8.0-3.45.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      java-11-openjdk-11.0.8.0-3.45.1
      java-11-openjdk-debuginfo-11.0.8.0-3.45.1
      java-11-openjdk-debugsource-11.0.8.0-3.45.1
      java-11-openjdk-demo-11.0.8.0-3.45.1
      java-11-openjdk-devel-11.0.8.0-3.45.1
      java-11-openjdk-headless-11.0.8.0-3.45.1


References:

   https://www.suse.com/security/cve/CVE-2020-14556.html
   https://www.suse.com/security/cve/CVE-2020-14562.html
   https://www.suse.com/security/cve/CVE-2020-14573.html
   https://www.suse.com/security/cve/CVE-2020-14577.html
   https://www.suse.com/security/cve/CVE-2020-14581.html
   https://www.suse.com/security/cve/CVE-2020-14583.html
   https://www.suse.com/security/cve/CVE-2020-14593.html
   https://www.suse.com/security/cve/CVE-2020-14621.html
   https://bugzilla.suse.com/1174157



More information about the sle-security-updates mailing list