Vulnerability CVE-2018-12549 - CERT Civis.Net

Vulnerability Name:

CVE-2018-12549 (CCN-157513)

Assigned:

2018-06-18

Published:

2019-02-08

Updated:

2019-05-16

Summary:

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-12549

Source: CCN
Type: IBM Security Bulletin 878376 (AIX family)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 880991 (Content Collector)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email

Source: CCN
Type: IBM Security Bulletin 882672 (Tivoli Application Dependency Discovery Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM)

Source: CCN
Type: IBM Security Bulletin 883608 (Security Guardium)
Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Source: CCN
Type: IBM Security Bulletin 957781 (Security Privileged Identity Manager)
IBM Security Privileged Identity Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 957973 (Security Identity Governance and Intelligence)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence

Source: CCN
Type: IBM Security Bulletin 967469 (Security Privileged Identity Manager)
IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0469

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0472

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:0640

Source: REDHAT
Type: UNKNOWN
RHSA-2019:1238

Source: CCN
Type: Bugzilla Bug 544019
(CVE-2018-12549) - OpenJ9 may fail to null check the receiver of an unsafe call

Source: CONFIRM
Type: Issue Tracking, Mitigation, Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019

Source: XF
Type: UNKNOWN
eclipse-openj9-cve201812549-code-exec(157513)

Source: CCN
Type: OpenJ9 GIT Repository
CVE-2018-12547 and CVE-2018-12549. #1589

Source: CCN
Type: IBM Security Bulletin 873332 (Runtimes for Java Technology)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 875554 (i)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Source: CCN
Type: IBM Security Bulletin 878518 (MessageSight)
IBM MessageSight is affected by the following four IBM Java vulnerabilities

Source: CCN
Type: IBM Security Bulletin 882042 (Rational Directory Server)
Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Source: CCN
Type: IBM Security Bulletin 882150 (Tivoli Composite Application Manager (ITCAM) for Transactions)
IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Source: CCN
Type: IBM Security Bulletin 882468 (InfoSphere Information Server)
Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 882598 (API Connect)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect

Source: CCN
Type: IBM Security Bulletin 883242 (Cloud Manager with Openstack)
Multiple vulnerabilities in IBM Runtime Environment Java Version affect IBM Cloud Manager with OpenStack

Source: CCN
Type: IBM Security Bulletin 884286 (MQ)
Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance

Source: CCN
Type: IBM Security Bulletin 885813 (Cloud App Management)
Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1

Source: CCN
Type: IBM Security Bulletin 887917 (Netcool Agile Service Manager)
Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager

Source: CCN
Type: IBM Security Bulletin 957765 (Cloud Transformation Advisor)
Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Source: CCN
Type: IBM Security Bulletin 1118799 (Tivoli Federated Identity Manager)
Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Source: CCN
Type: IBM Security Bulletin 6837345 (PureData System for Operational Analytics)
IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 879975 (InfoSphere Streams)
Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU

Source: CCN
Type: IBM Security Bulletin 879975 (Streams)
Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU

Vulnerable Configuration:

Configuration 1:

cpe:/a:eclipse:openj9:0.11.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:redhat:satellite:5.8:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::supplementary:*:*:*:*:*

Configuration CCN 1:

cpe:/a:eclipse:openj9:0.11:*:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4:*:*:*:*:*:*:*

OR cpe:/a:ibm:messagesight:1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_manager:4.3:*:*:*:*:openstack:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:runtimes_for_java_technology:*:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_composite_application_manager:7.4.0:*:*:*:transactions:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:9.1.1:*:*:*:continuous_delivery:*:*:*

OR cpe:/a:ibm:infosphere_streams:3.2.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_privileged_identity_manager:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_composite_application_manager:7.4:*:*:*:transactions:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:messagesight:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:messagesight:5.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:1.9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:1.9.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.1.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.2.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:streams:4.3.0.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201812549	V	CVE-2018-12549	2023-06-22
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3114	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3534	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1446	P	Security update for the Linux Kernel (Important)	2022-03-08
oval:org.opensuse.security:def:935	P	Security update for samba (Critical)	2022-02-08
oval:org.opensuse.security:def:11246	P	Security update for watchman (Important)	2022-01-17
oval:org.opensuse.security:def:8730	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:9421	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:8672	P	Security update for java-11-openjdk (Important)	2021-11-16
oval:org.opensuse.security:def:64581	P	Security update for postgresql13 (Moderate)	2021-09-29
oval:org.opensuse.security:def:71368	P	policycoreutils-2.8-9.19 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71255	P	libfreebl3-3.41.1-3.13.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:9399	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:47471	P	pigz-2.3-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47456	P	p7zip-9.20.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48157	P	libnghttp2-14-1.7.1-1.84 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14933	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47917	P	wget-1.14-21.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47592	P	dbus-1-glib-0.100.2-3.58 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48053	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47457	P	pam-1.1.8-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48009	P	freeradius-server-3.0.19-1.48 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47785	P	libsoup-2_4-1-2.62.2-5.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:2002	P	java-1_8_0-ibm-1.8.0_sr6.25-3.50.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63091	P	java-1_8_0-ibm-1.8.0_sr6.25-3.50.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100883	P	libXfont2-2-2.0.3-1.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:6695	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2021-07-27
oval:org.opensuse.security:def:68015	P	Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)	2021-07-14
oval:org.opensuse.security:def:10295	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:48517	P	libldb1-1.1.26-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:8597	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:48684	P	libid3tag0-0.15.1b-182.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48582	P	openslp-2.0.0-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10273	P	Security update for gstreamer-plugins-bad (Important)	2021-06-08
oval:org.opensuse.security:def:48371	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48613	P	radvd-1.9.7-2.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48455	P	krb5-appl-clients-1.0.3-1.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:94170	P	(Important)	2021-06-07
oval:org.opensuse.security:def:10265	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:11224	P	Security update for upx (Moderate)	2021-05-30
oval:org.opensuse.security:def:8761	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:6670	P	Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important)	2021-05-25
oval:org.opensuse.security:def:7419	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:8578	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:8748	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:103668	P	java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:90013	P	java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:1982	P	java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:63071	P	java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:8563	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:8739	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:6468	P	Security update for open-iscsi (Important)	2021-04-13
oval:org.opensuse.security:def:10422	P	Security update for go1.15 (Moderate)	2021-03-24
oval:org.opensuse.security:def:64668	P	Security update for s390-tools (Important)	2021-03-12
oval:org.opensuse.security:def:6728	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:10403	P	Security update for nodejs10 (Important)	2021-03-02
oval:org.opensuse.security:def:8697	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:10388	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:10341	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:6446	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:10586	P	Security update for PackageKit (Moderate)	2020-12-16
oval:org.opensuse.security:def:63080	P	java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16760	P	java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107549	P	java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3924	P	java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12927	P	java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117107	P	java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1991	P	java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:8516	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6759	P	libspice-client-glib-2_0-8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6561	P	bind-libs-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37477	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36786	P	alsa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38229	P	java-1_8_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8448	P	libsrtp1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37330	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49833	P	git on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10573	P	mpfr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6737	P	libpcsclite1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10522	P	libmysqlclient-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36691	P	librpcsecgss3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37080	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49887	P	java-1_8_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6576	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37505	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36922	P	liblzo2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8470	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37389	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6438	P	libsrtp1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6746	P	libpython2_7-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6514	P	syslog-service on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37438	P	gdm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36702	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67915	P	libmad-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36690	P	libraptor2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37170	P	libXi6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7397	P	gstreamer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10564	P	libxerces-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10497	P	libgcrypt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38187	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8440	P	libruby2_1-2_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6595	P	eog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37549	P	liblzo2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37023	P	squid on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20191238	P	RHSA-2019:1238: java-1.8.0-ibm security update (Critical)	2019-05-16