Bugzilla – Bug 1128158
VUL-0: CVE-2018-1890: java-1_8_0-ibm,java-1_7_0-ibm: local privilege escalation via insecure RPATHs
Last modified: 2020-04-23 15:36:01 UTC
rh#1685725

IBM JDK 8 SR5 FP20 (8.0.5.30) fixes a flaw described by upstream as:

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.

References:
https://www-01.ibm.com/support/docview.wss?uid=ibm10873332
https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_March_2019

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1685725
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1890
for java-1_7_0-ibm should be affected:
- SUSE:SLE-11-SP2:Update

for java-1_8_0-ibm should be affected:
- SUSE:SLE-12-SP1:Update
- SUSE:SLE-15:Update
Also affected java-1_7_1-ibm:
- SUSE_SLE-11-SP4_Update
- SUSE_SLE-12_Update
Thanks Pedro, I missed that version.
Packages submitted:
java-1_8_0-ibm.SUSE_SLE-15_Update sr#186372
java-1_8_0-ibm.SUSE_SLE-12-SP1_Update sr#186370
java-1_7_1-ibm.SUSE_SLE-12_Update sr#186375
java-1_7_1-ibm.SUSE_SLE-11-SP4_Update sr#186379
java-1_7_0-ibm.SUSE_SLE-11-SP2_Update sr#186383
SUSE-SU-2019:0585-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1122292,1122293,1122299,1128158
CVE References: CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449
Sources used:
SUSE Linux Enterprise Module for Legacy Software 15 (src): java-1_8_0-ibm-1.8.0_sr5.30-3.16.2
SUSE-SU-2019:0617-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1122292,1122293,1122299,1128158
CVE References: CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449
Sources used:
SUSE OpenStack Cloud 7 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server 12-SP4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server 12-SP3 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
SUSE Enterprise Storage 4 (src): java-1_8_0-ibm-1.8.0_sr5.30-30.46.1
Done