SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1211

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1211

Security update for java-1_8_0-openjdk

Type: security

Severity: important

Issued: 2019-05-10

Description:

This update for java-1_8_0-openjdk to version 8u212 fixes the following issues:

Security issues fixed:

- CVE-2019-2602: Better String parsing (bsc#1132728).
- CVE-2019-2684: More dynamic RMI interactions (bsc#1132732).
- CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).
- CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE

Non-Security issue fixed:

- Disable LTO (bsc#1133135).
- Added Japanese new era name.

References

CVE: CVE-2019-2698
CVE: CVE-2019-2684
CVE: CVE-2019-2602
CVE: CVE-2018-3639
Bugzilla: 1133135 LTO: java-1_8_0-openjdk build fails
Bugzilla: 1132732 VUL-0: CVE-2019-2684: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw was found in the RMI registry implementation
Bugzilla: 1132729 VUL-0: CVE-2019-2698: java-1_7_0-openjdk,java-1_8_0-openjdk: out of bounds access flaw in the 2D component
Bugzilla: 1132728 VUL-0: CVE-2019-2602: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside BigDecimal implementation (Component: Libraries)

Packages

java-1_8_0-openjdk-1.8.0.212-3.19.1