OVAL Reference oval:org.opensuse.security:def:99865

Oval Definition:

oval:org.opensuse.security:def:99865

Revision Date:	2020-05-29	Version:	1
Title:	(Important)
Description:	This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
Family:	unix	Class:	patch
Status:		Reference(s):	1167462 1169511 1170452 CVE-2020-12105 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 SUSE-SU-2020:1337-1
Platform(s):	Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1	Product(s):
Definition Synopsis
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure is installed AND Package Information java-11-openjdk-11.0.7.0-3.42.4 is installed OR java-11-openjdk-headless-11.0.7.0-3.42.4 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information openconnect-7.08-6.6.1 is installed OR openconnect-devel-7.08-6.6.1 is installed OR openconnect-lang-7.08-6.6.1 is installed

BACK