File _patchinfo of Package patchinfo.10530
<patchinfo incident="10530">
<issue tracker="bnc" id="1128158">VUL-0: CVE-2018-1890: java-1_8_0-ibm,java-1_7_0-ibm: local privilege escalation via insecure RPATHs</issue>
<issue tracker="bnc" id="1122299">VUL-1: CVE-2018-11212: libjpeg-turbo,libjpeg62-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c</issue>
<issue tracker="bnc" id="1122292">VUL-0: CVE-2019-2449: java-1_8_0-openjdk: Remote attackers may delete arbitrary files</issue>
<issue tracker="bnc" id="1122293">VUL-0: CVE-2019-2422: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: memory disclosure in FileChannelImpl</issue>
<issue tracker="cve" id="2018-1890"/>
<issue tracker="cve" id="2019-2422"/>
<issue tracker="cve" id="2018-11212"/>
<issue tracker="cve" id="2019-2449"/>
<category>security</category>
<rating>important</rating>
<packager>pmonrealgonzalez</packager>
<description>This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues:
Security issues fixed:
- CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293).
- CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299).
- CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158).
- CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292).
More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332
</description>
<summary>Security update for java-1_8_0-ibm</summary>
</patchinfo>