SUSE-SU-2020:0456-1

UNKNOWN

Security update for java-1_7_1-ibm

Published Apr 7, 2020

Modified 5 years ago

Fix available

Details

This update for java-1_7_1-ibm fixes the following issues:

Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968].

Security issues fixed:

CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972).
CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972).
CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972).
CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972).

Non-security issues fixed:

Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C
JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES

Affected Packages

java-1_7_1-ibm

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.7.1_sr4.60-38.47.1

java-1_7_1-ibm-alsa

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.7.1_sr4.60-38.47.1

java-1_7_1-ibm-devel

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.7.1_sr4.60-38.47.1

java-1_7_1-ibm-jdbc

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.7.1_sr4.60-38.47.1

java-1_7_1-ibm-plugin

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.7.1_sr4.60-38.47.1

References

https://bugzilla.suse.com/1160968

https://bugzilla.suse.com/1162972

https://www.suse.com/security/cve/CVE-2020-2583

https://www.suse.com/security/cve/CVE-2020-2593

https://www.suse.com/security/cve/CVE-2020-2604

https://www.suse.com/security/cve/CVE-2020-2659

https://www.suse.com/support/update/announcement/2020/suse-su-20200456-1/

Upstream

CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659

Related

CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659

Ecosystems(19)

SUSE Enterprise Storage 5 SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS

Timeline

PublishedApr 7, 2020

ModifiedApr 7, 2020

SUSE-SU-2020:0456-1 | Mondoo Vulnerability Intelligence