Bugzilla – Bug 1122293
VUL-0: CVE-2019-2422: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: memory disclosure in FileChannelImpl
Last modified: 2019-06-08 16:18:00 UTC
A memory disclosure flaw was found in the FileChannelImpl class in the Libraries component of OpenJDK. An untrusted Java application or applet could use this flaw leak limited amount of Java Virtual Machine memory possibly containing sensitive information, resulting in a partial bypass of Java sandbox restrictions. References: https://bugzilla.redhat.com/show_bug.cgi?id=1665945 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2422 http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2422
SUSE-SU-2019:0221-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1120431,1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): java-11-openjdk-11.0.2.0-3.18.1
openSUSE-SU-2019:0161-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1120431,1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 Sources used: openSUSE Leap 15.0 (src): java-11-openjdk-11.0.2.0-lp150.2.12.1
SUSE-SU-2019:0585-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1122292,1122293,1122299,1128158 CVE References: CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449 Sources used: SUSE Linux Enterprise Module for Legacy Software 15 (src): java-1_8_0-ibm-1.8.0_sr5.30-3.16.2
SUSE-SU-2019:13975-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422 Sources used: SUSE Linux Enterprise Point of Sale 11-SP3 (src): java-1_7_0-ibm-1.7.0_sr10.40-65.35.1
SUSE-SU-2019:0604-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422 Sources used: SUSE OpenStack Cloud 7 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-SP4 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-SP3 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Linux Enterprise Server 12-LTSS (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1 SUSE Enterprise Storage 4 (src): java-1_7_1-ibm-1.7.1_sr4.40-38.34.1
SUSE-SU-2019:13978-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): java-1_7_1-ibm-1.7.1_sr4.40-26.36.1 SUSE Linux Enterprise Server 11-SP4 (src): java-1_7_1-ibm-1.7.1_sr4.40-26.36.1
SUSE-SU-2019:0617-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1122292,1122293,1122299,1128158 CVE References: CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449 Sources used: SUSE OpenStack Cloud 7 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server 12-SP4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server 12-SP3 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1 SUSE Enterprise Storage 4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
openSUSE-SU-2019:0346-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299 CVE References: CVE-2018-11212,CVE-2019-2422 Sources used: openSUSE Leap 15.0 (src): java-1_8_0-openjdk-1.8.0.201-lp150.2.12.1
SUSE-SU-2019:1219-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299,1132728,1132729,1132732,1133135 CVE References: CVE-2018-11212,CVE-2018-3639,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698 Sources used: SUSE OpenStack Cloud 7 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server 12-SP4 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server 12-SP3 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Desktop 12-SP4 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Linux Enterprise Desktop 12-SP3 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 SUSE Enterprise Storage 4 (src): java-1_8_0-openjdk-1.8.0.212-27.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1439-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1122293,1122299,1132728,1132729,1132732,1133135 CVE References: CVE-2018-11212,CVE-2018-3639,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698 Sources used: openSUSE Leap 42.3 (src): java-1_8_0-openjdk-1.8.0.212-34.1
SUSE-SU-2019:1392-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1122293,1122299,1132728,1132729,1132732,1134297 CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698 Sources used: SUSE OpenStack Cloud 7 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-SP4 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-SP3 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Server 12-LTSS (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Desktop 12-SP4 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Linux Enterprise Desktop 12-SP3 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 SUSE Enterprise Storage 4 (src): java-1_7_0-openjdk-1.7.0.221-43.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1500-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1122293,1122299,1132728,1132729,1132732,1134297 CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698 Sources used: openSUSE Leap 42.3 (src): java-1_7_0-openjdk-1.7.0.221-57.1, java-1_7_0-openjdk-bootstrap-1.7.0.221-57.1
released