openSUSE Security Update : java-11-openjdk (openSUSE-2019-818)

critical Nessus Plugin ID 123345


New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote openSUSE host is missing a security update.


This update for java-11-openjdk fixes the following issues :

Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)

Security fixes :

- S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support

- S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses

- S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups

- S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability

- S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again

- S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks

- S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound

- S8194534, CVE-2018-3136, bsc#1112142: Manifest better support

- S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates

- S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

Security-In-Depth fixes :

- S8194546: Choosier FileManagers

- S8195874: Improve jar specification adherence

- S8196897: Improve PRNG support

- S8197881: Better StringBuilder support

- S8201756: Improve cipher inputs

- S8203654: Improve cypher state updates

- S8204497: Better formatting of decimals

- S8200666: Improve LDAP support

- S8199110: Address Internet Addresses

Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

- S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy

- S8207838: AArch64: Float registers incorrectly restored in JNI call

- S8209637: [s390x] Interpreter doesn't call result handler after native calls

- S8209670: CompilerThread releasing code buffer in destructor is unsafe

- S8209735: Disable avx512 by default

- S8209806: API docs should be updated to refer to javase11

- Report version without the '-internal' postfix

- Don't build against gdk making the accessibility depend on a particular version of gtk.

Update to upstream tag jdk-11+27

- S8031761: [TESTBUG] Add a regression test for JDK-8026328

- S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with 'unexpected values of outer fields of the class' when running with -Xcomp

- S8164639: Configure PKCS11 tests to use user-supplied NSS libraries

- S8189667: Desktop#moveToTrash expects incorrect '<<ALL FILES>>' FilePermission

- S8194949: [Graal] gc/ fail with OOM in


- S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ / fails with Graal in Xcomp mode

- S8199081: [Testbug] compiler/linkage/ fails if run twice

- S8201394: Update module summary to reflect removal of module

- S8204931: Colors with alpha are painted incorrectly on Linux

- S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ / test fails with


- S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior

- S8205687: TimeoutHandler generates huge core files

- S8206176: Remove the temporary tls13VN field

- S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found

- S8206965: java/util/TimeZone/ failed on de_DE and ja_JP locale.

- S8207009: TLS 1.3 half-close and synchronization issues

- S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch

- S8207139: NMT is not enabled on Windows 2016/10

- S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string

- S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator

- S8207746: C2: Lucene crashes on AVX512 instruction

- S8207765: intermittent failure

- S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test' possibly violation of JVMS 4.7.1

- S8207948: JDK 11 L10n resource file update msg drop 10

- S8207966: HttpClient response without content-length does not return body

- S8208125: Cannot input text into JOptionPane Text Input Dialog

- S8208164: (str) improve specification of String::lines

- S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

- S8208189: ProblemList compiler/graalunit/

- S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!'

- S8208226: ProblemList com/sun/jdi/

- S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ / fails intermittently on Linux-X64

- S8208305: ProblemList compiler/jvmci/compilerToVM/

- S8208347: ProblemList compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.jav a

- S8208353: Upgrade JDK 11 to libpng 1.6.35

- S8208358: update bug ids mentioned in tests

- S8208370: fix typo in ReservedStack tests' @requires

- S8208391: Differentiate response and connect timeouts in HTTP Client API

- S8208466: Fix potential memory leak in harfbuzz shaping.

- S8208496: New Test to verify concurrent behavior of TLS.

- S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!'

- S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.

- S8208663: JDK 11 L10n resource file update msg drop 20

- S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network

- S8208691: Tighten up jdk.includeInExceptions security property

- S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ / fails in aarch64 platforms

- S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing

- S8209149: [TESTBUG] runtime/RedefineTests/ / needs a longer timeout

- S8209451: Please change jdk 11 milestone to FCS

- S8209452: failed with 'At least one cacert test failed'

- S8209506: Add Google Trust Services GlobalSign root certificates

- S8209537: Two security tests failed after JDK-8164639 due to dependency was missed

This update was imported from the SUSE:SLE-15:Update update project.


Update the affected java-11-openjdk packages.

See Also

Plugin Details

Severity: Critical

ID: 123345

File Name: openSUSE-2019-818.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/27/2019

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: High

Score: 7.3


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:novell:opensuse:15.0:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-accessibility:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-accessibility-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-demo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-headless:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-javadoc:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-jmods:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:java-11-openjdk-src:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/23/2019

Vulnerability Publication Date: 10/17/2018

Reference Information

CVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3150, CVE-2018-3157