Overview

File _patchinfo of Package patchinfo.16170

<patchinfo incident="16170">
  <issue tracker="bnc" id="1174157">VUL-0: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Oracle July 2020 CPU</issue>
  <issue tracker="bnc" id="1175259">VUL-0: IBM Java August 2020 release</issue>
  <issue tracker="cve" id="2019-17639"/>
  <issue tracker="cve" id="2020-14556"/>
  <issue tracker="cve" id="2020-14577"/>
  <issue tracker="cve" id="2020-14578"/>
  <issue tracker="cve" id="2020-14579"/>
  <issue tracker="cve" id="2020-14581"/>
  <issue tracker="cve" id="2020-14583"/>
  <issue tracker="cve" id="2020-14593"/>
  <issue tracker="cve" id="2020-14621"/>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157]
  CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581
  CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583
  CVE-2019-17639
  * Class Libraries:
    - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR
    - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP
    - TRANSLATION MESSAGES UPDATE FOR JCL
    - UPDATE TIMEZONE INFORMATION TO TZDATA2020A
  * Java Virtual Machine:
    - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT
    - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT
  * JIT Compiler:
    - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD
      IN DEBUGGING MODE
    - INTERMITTENT ASSERTION FAILURE REPORTED
    - CRASH IN RESOLVECLASSREF() DURING AOT LOAD
    - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING()
    - SEGMENTATION FAULT WHILE COMPILING A METHOD
    - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL
      APPLICATION ON IBM Z PLATFORM
  * Security:
    - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO
      NON DEFAULT VALUE
    - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS
    - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH
      DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE
    - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM
      KEYFACTORY CLASS
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places