Oval Definition:oval:org.opensuse.security:def:52558
Revision Date:2020-12-01Version:1
Title:Security update for java-1_8_0-ibm (Moderate)
Description:

This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues:

- CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668). - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668). - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668). - CVE-2018-1656: Unspecified vulnerability (bsc#1104668)
Family:unixClass:patch
Status:Reference(s):1055186
1065600
1065729
1094244
1104668
1112178
1113956
1154366
1167527
1168468
1169972
1171675
1171688
1171742
1173115
1174899
1175228
1175686
1175749
1175882
1176011
1176022
1176038
1176235
1176242
1176278
1176316
1176317
1176318
1176319
1176320
1176321
1176381
1176395
1176410
1176423
1176482
1176507
1176536
1176544
1176545
1176546
1176548
1176659
1176698
1176699
1176700
1176721
1176722
1176725
1176732
1176788
1176789
1176869
1176877
1176935
1176950
1176962
1176966
1176990
1177027
1177030
1177041
1177042
1177043
1177044
1177121
1177206
1177258
1177291
1177293
1177294
1177295
1177296
902408
902409
902410
903204
903216
903638
905260
CVE-2006-4484
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
CVE-2009-1187
CVE-2009-1188
CVE-2009-2666
CVE-2009-3607
CVE-2009-3608
CVE-2010-1167
CVE-2010-1205
CVE-2010-2074
CVE-2010-4352
CVE-2011-0460
CVE-2011-1521
CVE-2011-1946
CVE-2011-1947
CVE-2011-2501
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
CVE-2011-3026
CVE-2011-3048
CVE-2011-3328
CVE-2011-3389
CVE-2011-3464
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2012-3386
CVE-2012-3386
CVE-2012-3482
CVE-2012-3524
CVE-2012-4929
CVE-2013-1752
CVE-2013-1753
CVE-2013-1788
CVE-2013-1789
CVE-2013-1790
CVE-2013-2168
CVE-2013-4238
CVE-2013-4473
CVE-2013-4474
CVE-2014-1912
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639
CVE-2014-3695
CVE-2014-3696
CVE-2014-3698
CVE-2014-4650
CVE-2014-7185
CVE-2014-7824
CVE-2014-8148
CVE-2014-8354
CVE-2014-8355
CVE-2014-8562
CVE-2014-8716
CVE-2015-0245
CVE-2015-8126
CVE-2016-0705
CVE-2016-9434
CVE-2016-9435
CVE-2016-9436
CVE-2016-9437
CVE-2016-9438
CVE-2016-9439
CVE-2016-9440
CVE-2016-9441
CVE-2016-9442
CVE-2016-9443
CVE-2016-9621
CVE-2016-9622
CVE-2016-9623
CVE-2016-9624
CVE-2016-9625
CVE-2016-9626
CVE-2016-9627
CVE-2016-9628
CVE-2016-9629
CVE-2016-9630
CVE-2016-9631
CVE-2016-9632
CVE-2016-9633
CVE-2017-1000456
CVE-2017-14517
CVE-2017-14518
CVE-2017-14520
CVE-2017-14617
CVE-2017-14928
CVE-2017-14975
CVE-2017-14976
CVE-2017-14977
CVE-2017-15565
CVE-2017-3732
CVE-2017-3736
CVE-2017-7511
CVE-2017-7515
CVE-2017-9406
CVE-2017-9408
CVE-2017-9775
CVE-2017-9776
CVE-2017-9865
CVE-2018-12539
CVE-2018-1517
CVE-2018-1656
CVE-2018-2940
CVE-2018-2952
CVE-2018-2964
CVE-2018-2973
CVE-2020-0404
CVE-2020-0427
CVE-2020-0431
CVE-2020-0432
CVE-2020-14381
CVE-2020-14390
CVE-2020-15663
CVE-2020-15664
CVE-2020-15669
CVE-2020-25212
CVE-2020-25284
CVE-2020-25641
CVE-2020-25643
CVE-2020-26088
SUSE-SU-2018:3082-1
SUSE-SU-2020:2552-1
SUSE-SU-2020:2905-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • freerdp-2.0.0~rc2-lp150.1 is installed
  • OR libfreerdp2-2.0.0~rc2-lp150.1 is installed
  • OR libwinpr2-2.0.0~rc2-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND apache2-mod_auth_openidc-2.3.8-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • libpoppler-glib4-0.12.3-1.8 is installed
  • OR libpoppler-qt4-3-0.12.3-1.8 is installed
  • OR libpoppler5-0.12.3-1.8 is installed
  • OR poppler-tools-0.12.3-1.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-38.4.0esr-25 is installed
  • OR MozillaFirefox-branding-SLED-38-15 is installed
  • OR MozillaFirefox-translations-38.4.0esr-25 is installed
  • OR libfreebl3-3.19.2.1-19 is installed
  • OR libfreebl3-32bit-3.19.2.1-19 is installed
  • OR libsoftokn3-3.19.2.1-19 is installed
  • OR libsoftokn3-32bit-3.19.2.1-19 is installed
  • OR mozilla-nspr-4.10.10-16 is installed
  • OR mozilla-nspr-32bit-4.10.10-16 is installed
  • OR mozilla-nss-3.19.2.1-19 is installed
  • OR mozilla-nss-32bit-3.19.2.1-19 is installed
  • OR mozilla-nss-tools-3.19.2.1-19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • flash-player-11.2.202.535-0.20 is installed
  • OR flash-player-gnome-11.2.202.535-0.20 is installed
  • OR flash-player-kde4-11.2.202.535-0.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND kbd-1.15.5-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND fetchmail-6.3.26-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND libpng15-15-1.5.22-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • dbus-1-1.8.22-28 is installed
  • OR dbus-1-x11-1.8.22-28 is installed
  • OR libdbus-1-3-1.8.22-28 is installed
  • OR libdbus-1-3-32bit-1.8.22-28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libpoppler-glib8-0.43.0-16.15 is installed
  • OR libpoppler-qt4-4-0.43.0-16.15 is installed
  • OR libpoppler60-0.43.0-16.15 is installed
  • OR poppler-tools-0.43.0-16.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.20-3.6 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-3.6 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.20-3.6 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.61 is installed
  • OR reiserfs-kmp-default-4.12.14-197.61 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND patch-2.7.5-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • qemu-2.3.1-33.3 is installed
  • OR qemu-block-curl-2.3.1-33.3 is installed
  • OR qemu-block-rbd-2.3.1-33.3 is installed
  • OR qemu-guest-agent-2.3.1-33.3 is installed
  • OR qemu-ipxe-1.0.0-33.3 is installed
  • OR qemu-kvm-2.3.1-33.3 is installed
  • OR qemu-lang-2.3.1-33.3 is installed
  • OR qemu-ppc-2.3.1-33.3 is installed
  • OR qemu-s390-2.3.1-33.3 is installed
  • OR qemu-seabios-1.8.1-33.3 is installed
  • OR qemu-sgabios-8-33.3 is installed
  • OR qemu-tools-2.3.1-33.3 is installed
  • OR qemu-vgabios-1.8.1-33.3 is installed
  • OR qemu-x86-2.3.1-33.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • eog-3.20.4-7 is installed
  • OR eog-lang-3.20.4-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_53-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_16-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libcares2-1.9.1-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • evince-3.20.2-6.27 is installed
  • OR evince-browser-plugin-3.20.2-6.27 is installed
  • OR evince-lang-3.20.2-6.27 is installed
  • OR evince-plugin-djvudocument-3.20.2-6.27 is installed
  • OR evince-plugin-dvidocument-3.20.2-6.27 is installed
  • OR evince-plugin-pdfdocument-3.20.2-6.27 is installed
  • OR evince-plugin-psdocument-3.20.2-6.27 is installed
  • OR evince-plugin-tiffdocument-3.20.2-6.27 is installed
  • OR evince-plugin-xpsdocument-3.20.2-6.27 is installed
  • OR libevdocument3-4-3.20.2-6.27 is installed
  • OR libevview3-3-3.20.2-6.27 is installed
  • OR nautilus-evince-3.20.2-6.27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_156-94_61-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_19-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libQtWebKit4-4.8.7+2.3.4-4.7 is installed
  • OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed
  • OR libqca2-2.0.3-17.7 is installed
  • OR libqca2-32bit-2.0.3-17.7 is installed
  • OR libqt4-4.8.7-8.8 is installed
  • OR libqt4-32bit-4.8.7-8.8 is installed
  • OR libqt4-devel-doc-4.8.7-8.8 is installed
  • OR libqt4-qt3support-4.8.7-8.8 is installed
  • OR libqt4-qt3support-32bit-4.8.7-8.8 is installed
  • OR libqt4-sql-4.8.7-8.8 is installed
  • OR libqt4-sql-32bit-4.8.7-8.8 is installed
  • OR libqt4-sql-mysql-4.8.7-8.8 is installed
  • OR libqt4-sql-plugins-4.8.7-8.8 is installed
  • OR libqt4-sql-sqlite-4.8.7-8.8 is installed
  • OR libqt4-x11-4.8.7-8.8 is installed
  • OR libqt4-x11-32bit-4.8.7-8.8 is installed
  • OR qt4-x11-tools-4.8.7-8.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gdk-pixbuf-loader-rsvg-2.40.20-5.6 is installed
  • OR librsvg-2-2-2.40.20-5.6 is installed
  • OR librsvg-2-2-32bit-2.40.20-5.6 is installed
  • OR rsvg-view-2.40.20-5.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • MozillaThunderbird-68.12.0-3.94 is installed
  • OR MozillaThunderbird-translations-common-68.12.0-3.94 is installed
  • OR MozillaThunderbird-translations-other-68.12.0-3.94 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ghostscript-9.26a-23.19 is installed
  • OR ghostscript-x11-9.26a-23.19 is installed
  • OR libspectre-0.2.7-12.6 is installed
  • OR libspectre1-0.2.7-12.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND slf4j-1.7.12-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.38-29.27 is installed
  • OR mariadb-10.0.38-29.27 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-SQLAlchemy-1.2.10-3.3 is installed
    • BACK