SUSE-SU-2020:2143-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202143-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2143-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2143-1
Related
Published
2020-08-06T09:07:26Z
Modified
2020-08-06T09:07:26Z
Summary
Security update for java-11-openjdk
Details

This update for java-11-openjdk fixes the following issues:

  • Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157)
    • Security fixes:
      • JDK-8230613: Better ASCII conversions
      • JDK-8231800: Better listing of arrays
      • JDK-8232014: Expand DTD support
      • JDK-8233234: Better Zip Naming
      • JDK-8233239, CVE-2020-14562: Enhance TIFF support
      • JDK-8233255: Better Swing Buttons
      • JDK-8234032: Improve basic calendar services
      • JDK-8234042: Better factory production of certificates
      • JDK-8234418: Better parsing with CertificateFactory
      • JDK-8234836: Improve serialization handling
      • JDK-8236191: Enhance OID processing
      • JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
      • JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
      • JDK-8237592, CVE-2020-14577: Enhance certificate verification
      • JDK-8238002, CVE-2020-14581: Better matrix operations
      • JDK-8238013: Enhance String writing
      • JDK-8238804: Enhance key handling process
      • JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
      • JDK-8238843: Enhanced font handing
      • JDK-8238920, CVE-2020-14583: Better Buffer support
      • JDK-8238925: Enhance WAV file playback
      • JDK-8240119, CVE-2020-14593: Less Affine Transformations
      • JDK-8240482: Improved WAV file playback
      • JDK-8241379: Update JCEKS support
      • JDK-8241522: Manifest improved jar headers redux
      • JDK-8242136, CVE-2020-14621: Better XML namespace handling
    • Other changes:
      • JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created
      • JDK-7124307: JSpinner and changing value by mouse
      • JDK-8022574: remove HaltNode code after uncommon trap calls
      • JDK-8039082: [TESTBUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
      • JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown
      • JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
      • JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo
      • JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly
      • JDK-8080353: JShell: Better error message on attempting to add default method
      • JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled
      • JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot
      • JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
      • JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily
      • JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping
      • JDK-8175984: ICCProfile has un-needed, not-empty finalize method
      • JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments
      • JDK-8183369: RFC unconformity of HttpURLConnection with proxy
      • JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
      • JDK-8189861: Refactor CacheFind
      • JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently
      • JDK-8191930: [Graal] emits unparseable XML into compile log
      • JDK-8193879: Java debugger hangs on method invocation
      • JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows
      • JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
      • JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows
      • JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows
      • JDK-8198339: Test javax/swing/border/Test6981576.java is unstable
      • JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801
      • JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740
      • JDK-8203672: JNI exception pending in PlainSocketImpl.c
      • JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398
      • JDK-8204834: Fix confusing 'allocate' naming in OopStorage
      • JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
      • JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshakefailure
      • JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
      • JDK-8207334: VM times out in VMHandshakeAllThreads::doit() with RunThese30M
      • JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP2 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP1 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-javadoc": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP2 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-javadoc": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
purl:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.8.0-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "java-11-openjdk-demo": "11.0.8.0-3.45.1",
            "java-11-openjdk": "11.0.8.0-3.45.1",
            "java-11-openjdk-devel": "11.0.8.0-3.45.1",
            "java-11-openjdk-headless": "11.0.8.0-3.45.1"
        }
    ]
}