Security update for java-1_7_1-ibm
| Announcement ID: | SUSE-SU-2021:14634-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for java-1_7_1-ibm fixes the following issues:
- Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
- CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
- CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4
zypper in -t patch slessp4-java-1_7_1-ibm-14634=1 -
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-java-1_7_1-ibm-14634=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (s390x x86_64 i586 ppc64 nosrc)
- java-1_7_1-ibm-1.7.1_sr4.80-26.65.1
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (x86_64 i586)
- java-1_7_1-ibm-plugin-1.7.1_sr4.80-26.65.1
- java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 s390x x86_64 i586)
- java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1
- java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 nosrc)
- java-1_7_1-ibm-1.7.1_sr4.80-26.65.1
-
SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
- java-1_7_1-ibm-plugin-1.7.1_sr4.80-26.65.1
- java-1_7_1-ibm-alsa-1.7.1_sr4.80-26.65.1
-
SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64 i586)
- java-1_7_1-ibm-jdbc-1.7.1_sr4.80-26.65.1
- java-1_7_1-ibm-devel-1.7.1_sr4.80-26.65.1