openSUSE Security Update : java-11-openjdk (openSUSE-2018-1205)

critical Nessus Plugin ID 118221

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-11-openjdk fixes the following issues :

Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)

Security fixes :

- S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support

- S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses

- S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups

- S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability

- S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again

- S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks

- S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound

- S8194534, CVE-2018-3136, bsc#1112142: Manifest better support

- S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates

- S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

Security-In-Depth fixes :

- S8194546: Choosier FileManagers

- S8195874: Improve jar specification adherence

- S8196897: Improve PRNG support

- S8197881: Better StringBuilder support

- S8201756: Improve cipher inputs

- S8203654: Improve cypher state updates

- S8204497: Better formatting of decimals

- S8200666: Improve LDAP support

- S8199110: Address Internet Addresses

Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

- S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy

- S8207838: AArch64: Float registers incorrectly restored in JNI call

- S8209637: [s390x] Interpreter doesn't call result handler after native calls

- S8209670: CompilerThread releasing code buffer in destructor is unsafe

- S8209735: Disable avx512 by default

- S8209806: API docs should be updated to refer to javase11

- Report version without the '-internal' postfix

- Don't build against gdk making the accessibility depend on a particular version of gtk.

Update to upstream tag jdk-11+27

- S8031761: [TESTBUG] Add a regression test for JDK-8026328

- S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with 'unexpected values of outer fields of the class' when running with -Xcomp

- S8164639: Configure PKCS11 tests to use user-supplied NSS libraries

- S8189667: Desktop#moveToTrash expects incorrect '<<ALL FILES>>' FilePermission

- S8194949: [Graal] gc/TestNUMAPageSize.java fail with OOM in

-Xcomp

- S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ /JvmtiGetAllModulesTest.java fails with Graal in Xcomp mode

- S8199081: [Testbug] compiler/linkage/LinkageErrors.java fails if run twice

- S8201394: Update java.se module summary to reflect removal of java.se.ee module

- S8204931: Colors with alpha are painted incorrectly on Linux

- S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ /IsMethodCompilableTest.java test fails with

-XX:CompileThreshold=1

- S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior

- S8205687: TimeoutHandler generates huge core files

- S8206176: Remove the temporary tls13VN field

- S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found

- S8206965: java/util/TimeZone/Bug8149452.java failed on de_DE and ja_JP locale.

- S8207009: TLS 1.3 half-close and synchronization issues

- S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch

- S8207139: NMT is not enabled on Windows 2016/10

- S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string

- S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator

- S8207746: C2: Lucene crashes on AVX512 instruction

- S8207765: HeapMonitorTest.java intermittent failure

- S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test' possibly violation of JVMS 4.7.1

- S8207948: JDK 11 L10n resource file update msg drop 10

- S8207966: HttpClient response without content-length does not return body

- S8208125: Cannot input text into JOptionPane Text Input Dialog

- S8208164: (str) improve specification of String::lines

- S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

- S8208189: ProblemList compiler/graalunit/JttThreadsTest.java

- S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!'

- S8208226: ProblemList com/sun/jdi/BasicJDWPConnectionTest.java

- S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ /HeapMonitorGCCMSTest.java fails intermittently on Linux-X64

- S8208305: ProblemList compiler/jvmci/compilerToVM/GetFlagValueTest.java

- S8208347: ProblemList compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.jav a

- S8208353: Upgrade JDK 11 to libpng 1.6.35

- S8208358: update bug ids mentioned in tests

- S8208370: fix typo in ReservedStack tests' @requires

- S8208391: Differentiate response and connect timeouts in HTTP Client API

- S8208466: Fix potential memory leak in harfbuzz shaping.

- S8208496: New Test to verify concurrent behavior of TLS.

- S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!'

- S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.

- S8208663: JDK 11 L10n resource file update msg drop 20

- S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network
_utilization

- S8208691: Tighten up jdk.includeInExceptions security property

- S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ /TestNssDbSqlite.java fails in aarch64 platforms

- S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing

- S8209149: [TESTBUG] runtime/RedefineTests/ /RedefineRunningMethods.java needs a longer timeout

- S8209451: Please change jdk 11 milestone to FCS

- S8209452: VerifyCACerts.java failed with 'At least one cacert test failed'

- S8209506: Add Google Trust Services GlobalSign root certificates

- S8209537: Two security tests failed after JDK-8164639 due to dependency was missed

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected java-11-openjdk packages.

See Also

https://features.opensuse.org/

https://bugzilla.opensuse.org/show_bug.cgi?id=1112142

https://bugzilla.opensuse.org/show_bug.cgi?id=1112143

https://bugzilla.opensuse.org/show_bug.cgi?id=1112144

https://bugzilla.opensuse.org/show_bug.cgi?id=1112146

https://bugzilla.opensuse.org/show_bug.cgi?id=1112147

https://bugzilla.opensuse.org/show_bug.cgi?id=1112148

https://bugzilla.opensuse.org/show_bug.cgi?id=1111162

https://bugzilla.opensuse.org/show_bug.cgi?id=1112145

https://bugzilla.opensuse.org/show_bug.cgi?id=1112149

Plugin Details

Severity: Critical

ID: 118221

File Name: openSUSE-2018-1205.nasl

Version: 1.6

Type: local

Agent: unix

Published: 10/19/2018

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:o:novell:opensuse:15.0:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-accessibility:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-accessibility-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-demo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-headless:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-javadoc:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-jmods:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-src:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/18/2018

Reference Information

CVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3150, CVE-2018-3157