Detections
Analytics

openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)

low Nessus Plugin ID 122145

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues :

Security issues fixed :

 - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)

 - CVE-2019-2426: Improve web server connections

 - CVE-2018-11212: Improve JPEG processing (bsc#1122299)

 - Better route routing

 - Better interface enumeration

 - Better interface lists

 - Improve BigDecimal support

 - Improve robot support

 - Better icon support

 - Choose printer defaults

 - Proper allocation handling

 - Initial class initialization

 - More reliable p11 transactions

 - Improve NIO stability

 - Better loading of classloader classes

 - Strengthen Windows Access Bridge Support

 - Improved data set handling

 - Improved LSA authentication

 - Libsunmscapi improved interactions

Non-security issues fix :

 - Do not resolve by default the added JavaEE modules (bsc#1120431)

 - ~2.5% regression on compression benchmark starting with 12-b11

 - java.net.http.HttpClient hangs on 204 reply without Content-length 0

 - Add additional TeliaSonera root certificate

 - Add more ld preloading related info to hs_error file on Linux

 - Add test to exercise server-side client hello processing

 - AES encrypt performance regression in jdk11b11

 - AIX: ProcessBuilder: Piping between created processes does not work.

 - AIX: Some class library files are missing the Classpath exception

 - AppCDS crashes for some uses with JRuby

 - Automate vtable/itable stub size calculation

 - BarrierSetC1::generate_referent_check() confuses register allocator

 - Better HTTP Redirection

 - Catastrophic size_t underflow in BitMap::*_large methods

 - Clip.isRunning() may return true after Clip.stop() was called

 - Compiler thread creation should be bounded by available space in memory and Code Cache

 - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code

 - Default mask register for avx512 instructions

 - Delayed starting of debugging via jcmd

 - Disable all DES cipher suites

 - Disable anon and NULL cipher suites

 - Disable unsupported GCs for Zero

 - Epsilon alignment adjustments can overflow max TLAB size

 - Epsilon elastic TLAB sizing may cause misalignment

 - HotSpot update for vm_version.cpp to recognise updated VS2017

 - HttpClient does not retrieve files with large sizes over HTTP/1.1

 - IIOException 'tEXt chunk length is not proper' on opening png file

 - Improve TLS connection stability again

 - InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection

 - Inspect stack during error reporting

 - Instead of circle rendered in appl window, but ellipse is produced JEditor Pane

 - Introduce diagnostic flag to abort VM on failed JIT compilation

 - Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap

 - jar has issues with UNC-path arguments for the jar -C parameter [windows]

 - java.net.http HTTP client should allow specifying Origin and Referer headers

 - java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8

 - JDK 11.0.1 l10n resource file update

 - JDWP Transport Listener: dt_socket thread crash

 - JVMTI ResourceExhausted should not be posted in CompilerThread

 - LDAPS communication failure with jdk 1.8.0_181

 - linux: Poor StrictMath performance due to non-optimized compilation

 - Missing synchronization when reading counters for live threads and peak thread count

 - NPE in SupportedGroupsExtension

 - OpenDataException thrown when constructing CompositeData for StackTraceElement

 - Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader

 - Populate handlers while holding streamHandlerLock

 - ppc64: Enable POWER9 CPU detection

 - print_location is not reliable enough (printing register info)

 - Reconsider default option for ClassPathURLCheck change done in JDK-8195874

 - Register to register spill may use AVX 512 move instruction on unsupported platform.

 - s390: Use of shift operators not covered by cpp standard

 - serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded

 - SIGBUS in CodeHeapState::print_names()

 - SIGSEGV in MethodArityHistogram() with
 -XX:+CountCompiledCalls

 - Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAlloca tor

 - Swing apps are slow if displaying from a remote source to many local displays

 - switch jtreg to 4.2b13

 - Test library OSInfo.getSolarisVersion cannot determine Solaris version

 - TestOptionsWithRanges.java is very slow

 - TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently

 - The Japanese message of FileNotFoundException garbled

 - The 'supported_groups' extension in ServerHellos

 - ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData

 - TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.

 - TLS 1.2 Support algorithm in SunPKCS11 provider

 - TLS 1.3 handshake server name indication is missing on a session resume

 - TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes

 - TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

 - tz: Upgrade time-zone data to tzdata2018g

 - Undefined behaviour in ADLC

 - Update avx512 implementation

 - URLStreamHandler initialization race

 - UseCompressedOops requirement check fails fails on 32-bit system

 - windows: Update OS detection code to recognize Windows Server 2019

 - x86: assert on unbound assembler Labels used as branch targets

 - x86: jck tests for ldc2_w bytecode fail

 - x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization

 - '-XX:OnOutOfMemoryError' uses fork instead of vfork

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected java-11-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1120431

https://bugzilla.opensuse.org/show_bug.cgi?id=1122293

https://bugzilla.opensuse.org/show_bug.cgi?id=1122299

Plugin Details

Severity: Low

ID: 122145

File Name: openSUSE-2019-161.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2/13/2019

Updated: 6/20/2024

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-2426

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource, cpe:/o:novell:opensuse:15.0, p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-11-openjdk-src, p-cpe:/a:novell:opensuse:java-11-openjdk-jmods, p-cpe:/a:novell:opensuse:java-11-openjdk, p-cpe:/a:novell:opensuse:java-11-openjdk-demo, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-11-openjdk-headless, p-cpe:/a:novell:opensuse:java-11-openjdk-devel, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/23/2019

Vulnerability Publication Date: 5/16/2018

Reference Information

CVE: CVE-2018-11212, CVE-2019-2422, CVE-2019-2426