Overview

File _patchinfo of Package patchinfo.14077

<patchinfo incident="14077">
  <issue tracker="bnc" id="1162972">VUL-0: java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm: IBM Security Update January 2020</issue>
  <issue tracker="bnc" id="1160968">VUL-0: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Oracle  January 2020 CPU</issue>
  <issue tracker="cve" id="2020-2583"/>
  <issue tracker="cve" id="2020-2604"/>
  <issue tracker="cve" id="2020-2659"/>
  <issue tracker="cve" id="2020-2593"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_7_1-ibm</summary>
  <description>This update for java-1_7_1-ibm fixes the following issues:

Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968].

Security issues fixed:

- CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972).
- CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972).
- CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972).
- CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972).

Non-security issues fixed:

* Class Libraries:
  IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN
          WHEN TIMEOUT IS SET
  IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED
          CHINESE EDITION OF WINDOWS CLIENT SYSTEM
  IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE
          INCONSISTENT WITH CLDR
  IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C
* JIT Compiler:
  IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places