SUSE-SU-2020:1569-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20201569-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1569-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:1569-1
Related
Published
2020-06-09T09:13:34Z
Modified
2020-06-09T09:13:34Z
Summary
Security update for java-1_8_0-openjdk
Details

This update for java-180-openjdk to version jdk8u252 fixes the following issues:

  • CVE-2020-2754: Forward references to Nashorn (bsc#1169511)
  • CVE-2020-2755: Improve Nashorn matching (bsc#1169511)
  • CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
  • CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
  • CVE-2020-2773: Better signatures in XML (bsc#1169511)
  • CVE-2020-2781: Improve TLS session handling (bsc#1169511)
  • CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
  • CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
  • CVE-2020-2805: Enhance typing of methods (bsc#1169511)
  • CVE-2020-2830: Better Scanner conversions (bsc#1169511)
  • Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352)
References

Affected packages

SUSE:Linux Enterprise Module for Legacy 15 SP1 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.252-3.35.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-devel": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-headless": "1.8.0.252-3.35.3"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.252-3.35.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-devel": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-headless": "1.8.0.252-3.35.3"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.252-3.35.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-devel": "1.8.0.252-3.35.3",
            "java-1_8_0-openjdk-headless": "1.8.0.252-3.35.3"
        }
    ]
}