SUSE-SU-2019:3083-1: important: Security update for java-11-openjdk

sle-security-updates at sle-security-updates at
Wed Nov 27 10:14:33 MST 2019

   SUSE Security Update: Security update for java-11-openjdk

Announcement ID:    SUSE-SU-2019:3083-1
Rating:             important
References:         #1152856 #1154212 
Cross-References:   CVE-2019-2894 CVE-2019-2933 CVE-2019-2945
                    CVE-2019-2949 CVE-2019-2958 CVE-2019-2962
                    CVE-2019-2964 CVE-2019-2973 CVE-2019-2975
                    CVE-2019-2977 CVE-2019-2978 CVE-2019-2981
                    CVE-2019-2983 CVE-2019-2987 CVE-2019-2988
                    CVE-2019-2989 CVE-2019-2992 CVE-2019-2999
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5

   An update that fixes 18 vulnerabilities is now available.


   This update for java-11-openjdk fixes the following issues:

   Security issues fixed (October 2019 CPU  bsc#1154212):

   - CVE-2019-2933: Windows file handling redux
   - CVE-2019-2945: Better socket support
   - CVE-2019-2949: Better Kerberos ccache handling
   - CVE-2019-2958: Build Better Processes
   - CVE-2019-2964: Better support for patterns
   - CVE-2019-2962: Better Glyph Images
   - CVE-2019-2973: Better pattern compilation
   - CVE-2019-2975: Unexpected exception in jjs
   - CVE-2019-2978: Improved handling of jar files
   - CVE-2019-2977: Improve String index handling
   - CVE-2019-2981: Better Path supports
   - CVE-2019-2983: Better serial attributes
   - CVE-2019-2987: Better rendering of native glyphs
   - CVE-2019-2988: Better Graphics2D drawing
   - CVE-2019-2989: Improve TLS connection support
   - CVE-2019-2992: Enhance font glyph mapping
   - CVE-2019-2999: Commentary on Javadoc comments
   - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-3083=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):



More information about the sle-security-updates mailing list