File _patchinfo of Package patchinfo
<patchinfo incident="9429">
<issue tracker="bnc" id="1112147">VUL-0: CVE-2018-3180: java-1_7_0-openjdk, java-1_8_0-openjdk, java-11-openjdk: Unspecified vulnerability in subcomponent: JSSE</issue>
<issue tracker="bnc" id="1112146">VUL-0: CVE-2018-3169: java-1_7_0-openjdk, java-1_8_0-openjdk, java-11-openjdk: Unspecified vulnerability in subcomponent: Hotspot</issue>
<issue tracker="bnc" id="1112144">VUL-0: CVE-2018-3149: java-1_7_0-openjdk, java-1_8_0-openjdk, java-11-openjdk: Unspecified vulnerability in subcomponent: JNDI</issue>
<issue tracker="bnc" id="1112143">VUL-0: CVE-2018-3139: java-1_7_0-openjdk, java-1_8_0-openjdk, java-11-openjdk: Unspecified vulnerability in subcomponent: Networking</issue>
<issue tracker="bnc" id="1112142">VUL-0: CVE-2018-3136: java-1_7_0-openjdk, java-1_8_0-openjdk, java-11-openjdk: Unspecified vulnerability in subcomponent: Security</issue>
<issue tracker="bnc" id="1112152">VUL-0: CVE-2018-3214: java-1_7_0-openjdk, java-1_8_0-openjdk: Unspecified vulnerability in subcomponent: Sound</issue>
<issue tracker="bnc" id="1112153">VUL-0: CVE-2018-13785: java-1_7_0-openjdk, java-1_8_0-openjdk: Unspecified vulnerability in subcomponent: Deployment (libpng)</issue>
<issue tracker="bnc" id="1101645">VUL-0: CVE-2018-2940: java-1_7_0-openjdk, java-1_8_0-openjdk, java-10-openjdk: Unspecified vulnerability in subcomponent Libraries</issue>
<issue tracker="bnc" id="1101644">VUL-0: CVE-2018-2938: java-1_7_0-openjdk, java-1_8_0-openjdk: Unspecified vulnerability in subcomponent Java DB</issue>
<issue tracker="bnc" id="1101656">VUL-0: CVE-2018-2973: java-1_7_0-openjdk, java-1_8_0-openjdk, java-10-openjdk: Unspecified vulnerability in subcomponent JSSE</issue>
<issue tracker="bnc" id="1101651">VUL-0: CVE-2018-2952: java-1_7_0-openjdk, java-1_8_0-openjdk, java-10-openjdk: Unspecified vulnerability in subcomponent Concurrency</issue>
<issue tracker="cve" id="2018-2938"/>
<issue tracker="cve" id="2018-3214"/>
<issue tracker="cve" id="2018-2973"/>
<issue tracker="cve" id="2018-3169"/>
<issue tracker="cve" id="2018-3180"/>
<issue tracker="cve" id="2018-3639"/>
<issue tracker="cve" id="2018-13785"/>
<issue tracker="cve" id="2018-3149"/>
<issue tracker="cve" id="2018-3139"/>
<issue tracker="cve" id="2018-3136"/>
<issue tracker="cve" id="2018-2952"/>
<issue tracker="cve" id="2018-2940"/>
<issue tracker="cve" id="2018-16435"/>
<category>security</category>
<rating>important</rating>
<packager>fstrba</packager>
<description>This update for java-1_7_0-openjdk to version 7u201 fixes the following issues:
Security issues fixed:
- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
- CVE-2018-2938: Support Derby connections (bsc#1101644)
- CVE-2018-2940: Better stack walking (bsc#1101645)
- CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
- CVE-2018-2973: Improve LDAP support (bsc#1101656)
- CVE-2018-3639 cpu speculative store bypass mitigation
This update was imported from the SUSE:SLE-12:Update update project.</description>
<summary>Security update for java-1_7_0-openjdk</summary>
<stopped>review sles text</stopped>
</patchinfo>