Bug 1162972 - VUL-0: java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm: IBM Security Update January 2020
VUL-0: java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm: IBM Security Update Ja...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All SLES 15
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/252535/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-02-06 11:13 UTC by Pedro Monreal Gonzalez
Modified: 2020-05-12 18:48 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro Monreal Gonzalez 2020-02-06 11:13:33 UTC
* 8.0 Service Refresh 6 Fix Pack 5, java-1_8_0-ibm:
  https://developer.ibm.com/javasdk/support/fixes/sdk8/#SR6FP5

  CVE-2020-2659 CVE-2020-2604 CVE-2020-2593 CVE-2020-2583 CVE-2019-4732

* 7.1 Service Refresh 4 Fix Pack 60, java-1_7_1-ibm:
  https://developer.ibm.com/javasdk/support/fixes/sdk7r1/#SR4FP60

  CVE-2020-2659 CVE-2020-2604 CVE-2020-2593 CVE-2020-2583


* 7.0 Service Refresh 10 Fix Pack 50, java-1_7_0-ibm:
  https://developer.ibm.com/javasdk/support/fixes/sdk7/#SR10FP60

  CVE-2020-2659 CVE-2020-2604 CVE-2020-2593 CVE-2020-2583
Comment 2 Pedro Monreal Gonzalez 2020-02-07 13:39:08 UTC
(In reply to Pedro Monreal Gonzalez from comment #0)
> * 7.0 Service Refresh 10 Fix Pack 50, java-1_7_0-ibm:

This should be ... Fix Pack 60.
Comment 5 Swamp Workflow Management 2020-02-20 14:12:30 UTC
SUSE-SU-2020:14286-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1160968,1162972
CVE References: CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    java-1_7_0-ibm-1.7.0_sr10.60-65.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-02-21 17:12:24 UTC
SUSE-SU-2020:14287-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1160968,1162972
CVE References: CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.60-26.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-02-25 14:15:07 UTC
SUSE-SU-2020:0466-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1160968,1162972
CVE References: CVE-2019-4732,CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    java-1_8_0-ibm-1.8.0_sr6.5-3.33.2
SUSE Linux Enterprise Server 15-LTSS (src):    java-1_8_0-ibm-1.8.0_sr6.5-3.33.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr6.5-3.33.2
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr6.5-3.33.2
SUSE Linux Enterprise Module for Legacy Software 15 (src):    java-1_8_0-ibm-1.8.0_sr6.5-3.33.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-02-25 14:23:36 UTC
SUSE-SU-2020:0456-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1160968,1162972
CVE References: CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE OpenStack Cloud 8 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE OpenStack Cloud 7 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP4 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
SUSE Enterprise Storage 5 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1
HPE Helion Openstack 8 (src):    java-1_7_1-ibm-1.7.1_sr4.60-38.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-02-28 14:38:28 UTC
SUSE-SU-2020:0528-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1160968,1162972
CVE References: CVE-2019-4732,CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE OpenStack Cloud 8 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE OpenStack Cloud 7 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP5 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
SUSE Enterprise Storage 5 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1
HPE Helion Openstack 8 (src):    java-1_8_0-ibm-1.8.0_sr6.5-30.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Alexandros Toptsoglou 2020-04-29 13:48:13 UTC
Done