Overview

File _patchinfo of Package patchinfo.8533

<patchinfo incident="8533">
  <issue tracker="bnc" id="1104668">VUL-0: IBM Java 8 SR5 FP20 was released</issue>
  <issue tracker="cve" id="2018-2973"/>
  <issue tracker="cve" id="2018-1656"/>
  <issue tracker="cve" id="2018-12539"/>
  <issue tracker="cve" id="2018-2952"/>
  <issue tracker="cve" id="2018-1517"/>
  <issue tracker="cve" id="2018-2940"/>
  <category>security</category>
  <rating>important</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for java-1_7_1-ibm fixes the following issues:

Security issues fixed:
  
- CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may
  allow an attacker to inflict a denial-of-service attack with specially
  crafted String data.
- CVE-2018-1656: Protect against path traversal attacks when extracting
  compressed dump files.
- CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries
  subcomponent, which allowed unauthenticated attackers with network access
  via multiple protocols to compromise the Java SE, leading to
  unauthorized read access.
- CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency
  subcomponent, which allowed unauthenticated attackers with network access
  via multiple protocols to compromise the Java SE, leading to denial of
  service.
- CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE
  subcomponent, which allowed unauthenticated attackers with network access
  via SSL/TLS to compromise the Java SE, leading to unauthorized creation,
  deletion or modification access to critical data.
- CVE-2018-12539: Fixed a vulnerability in which users other than the process
  owner may be able to use Java Attach API to connect to the IBM JVM on the
  same machine and use Attach API operations, including the ability to execute
  untrusted arbitrary code.

Other changes made:

- Various JIT/JVM crash fixes
- Version update to 7.1.4.30 (bsc#1104668)

You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018).
</description>
  <summary>Security update for java-1_7_1-ibm</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places