Security update for java-11-openjdk

SUSE Security Update: Security update for java-11-openjdk

---

Announcement ID:	SUSE-SU-2019:2998-1
Rating:	important
References:	#1152856 #1154212
Cross-References:	CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999
Affected Products:	SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15

---

An update that fixes 18 vulnerabilities is now available.

Description:

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues:
Security issues fixed (October 2019 CPU bsc#1154212):

• CVE-2019-2933: Windows file handling redux
• CVE-2019-2945: Better socket support
• CVE-2019-2949: Better Kerberos ccache handling
• CVE-2019-2958: Build Better Processes
• CVE-2019-2964: Better support for patterns
• CVE-2019-2962: Better Glyph Images
• CVE-2019-2973: Better pattern compilation
• CVE-2019-2975: Unexpected exception in jjs
• CVE-2019-2978: Improved handling of jar files
• CVE-2019-2977: Improve String index handling
• CVE-2019-2981: Better Path supports
• CVE-2019-2983: Better serial attributes
• CVE-2019-2987: Better rendering of native glyphs
• CVE-2019-2988: Better Graphics2D drawing
• CVE-2019-2989: Improve TLS connection support
• CVE-2019-2992: Enhance font glyph mapping
• CVE-2019-2999: Commentary on Javadoc comments
• CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2998=1
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2998=1
• SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2998=1
• SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2998=1

Package List:

• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  • java-11-openjdk-accessibility-11.0.5.0-3.36.1
  • java-11-openjdk-accessibility-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debugsource-11.0.5.0-3.36.1
  • java-11-openjdk-jmods-11.0.5.0-3.36.1
  • java-11-openjdk-src-11.0.5.0-3.36.1
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
  • java-11-openjdk-javadoc-11.0.5.0-3.36.1
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  • java-11-openjdk-11.0.5.0-3.36.1
  • java-11-openjdk-accessibility-11.0.5.0-3.36.1
  • java-11-openjdk-accessibility-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debugsource-11.0.5.0-3.36.1
  • java-11-openjdk-demo-11.0.5.0-3.36.1
  • java-11-openjdk-devel-11.0.5.0-3.36.1
  • java-11-openjdk-headless-11.0.5.0-3.36.1
  • java-11-openjdk-jmods-11.0.5.0-3.36.1
  • java-11-openjdk-src-11.0.5.0-3.36.1
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  • java-11-openjdk-javadoc-11.0.5.0-3.36.1
• SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  • java-11-openjdk-11.0.5.0-3.36.1
  • java-11-openjdk-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debugsource-11.0.5.0-3.36.1
  • java-11-openjdk-demo-11.0.5.0-3.36.1
  • java-11-openjdk-devel-11.0.5.0-3.36.1
  • java-11-openjdk-headless-11.0.5.0-3.36.1
• SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  • java-11-openjdk-11.0.5.0-3.36.1
  • java-11-openjdk-debuginfo-11.0.5.0-3.36.1
  • java-11-openjdk-debugsource-11.0.5.0-3.36.1
  • java-11-openjdk-demo-11.0.5.0-3.36.1
  • java-11-openjdk-devel-11.0.5.0-3.36.1
  • java-11-openjdk-headless-11.0.5.0-3.36.1

References:

• https://www.suse.com/security/cve/CVE-2019-2894.html
• https://www.suse.com/security/cve/CVE-2019-2933.html
• https://www.suse.com/security/cve/CVE-2019-2945.html
• https://www.suse.com/security/cve/CVE-2019-2949.html
• https://www.suse.com/security/cve/CVE-2019-2958.html
• https://www.suse.com/security/cve/CVE-2019-2962.html
• https://www.suse.com/security/cve/CVE-2019-2964.html
• https://www.suse.com/security/cve/CVE-2019-2973.html
• https://www.suse.com/security/cve/CVE-2019-2975.html
• https://www.suse.com/security/cve/CVE-2019-2977.html
• https://www.suse.com/security/cve/CVE-2019-2978.html
• https://www.suse.com/security/cve/CVE-2019-2981.html
• https://www.suse.com/security/cve/CVE-2019-2983.html
• https://www.suse.com/security/cve/CVE-2019-2987.html
• https://www.suse.com/security/cve/CVE-2019-2988.html
• https://www.suse.com/security/cve/CVE-2019-2989.html
• https://www.suse.com/security/cve/CVE-2019-2992.html
• https://www.suse.com/security/cve/CVE-2019-2999.html
• https://bugzilla.suse.com/1152856
• https://bugzilla.suse.com/1154212