openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2021-374)

medium Nessus Plugin ID 147161

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-1_8_0-openjdk fixes the following issues :

- Update to version jdk8u282 (icedtea 3.18.0)

- January 2021 CPU (bsc#1181239)

- Security fixes

+ JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)

- Import of OpenJDK 8 u282 build 01

+ JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux

+ JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup

+ JDK-8030350: Enable additional compiler warnings for GCC

+ JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows

+ JDK-8036122: Fix warning 'format not a string literal'

+ JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null!

+ JDK-8132664:
closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows

+ JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful

+ JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent

+ JDK-8148916: Mark bug6400879.java as intermittently failing

+ JDK-8148983: Fix extra comma in changes for JDK-8148916

+ JDK-8160438:
javax/swing/plaf/nimbus/8057791/bug8057791.java fails

+ JDK-8165808: Add release barriers when allocating objects with concurrent collection

+ JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument

+ JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017

+ JDK-8207766: [testbug] Adapt tests for Aix.

+ JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation

+ JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash

+ JDK-8215727: Restore JFR thread sampler loop to old / previous behavior

+ JDK-8220657: JFR.dump does not work when filename is set

+ JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing

+ JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM

+ JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread

+ JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes

+ JDK-8232114: JVM crashed at imjpapi.dll in native code

+ JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area

+ JDK-8234339: replace JLI_StrTok in java_md_solinux.c

+ JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes

+ JDK-8242335: Additional Tests for RSASSA-PSS

+ JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in

+ JDK-8245400: Upgrade to LittleCMS 2.11

+ JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention

+ JDK-8249176: Update GlobalSignR6CA test certificates

+ JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY

+ JDK-8250928: JFR: Improve hash algorithm for stack traces

+ JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java

+ JDK-8251840:
Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers

+ JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE

+ JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries

+ JDK-8252497: Incorrect numeric currency code for ROL

+ JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent

+ JDK-8252904: VM crashes when JFR is used and JFR event class is transformed

+ JDK-8252975: [8u] JDK-8252395 breaks the build for

--with-native-debug-symbols=internal

+ JDK-8253284: Zero OrderAccess barrier mappings are incorrect

+ JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip

+ JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly

+ JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate

+ JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp

+ JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp

+ JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails

+ JDK-8255003: Build failures on Solaris

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected java-1_8_0-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1181239

Plugin Details

Severity: Medium

ID: 147161

File Name: openSUSE-2021-374.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/5/2021

Updated: 3/10/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_8_0-openjdk, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2021

Vulnerability Publication Date: 10/21/2020

Reference Information

CVE: CVE-2020-14803