First Last Prev Next    This bug is not in your last search results.
Bug 1132728 - (CVE-2019-2602) VUL-0: CVE-2019-2602: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside BigDecimal implementation (Component: Libraries)
(CVE-2019-2602)
VUL-0: CVE-2019-2602: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-17 08:18 UTC by Alexander Bergmann
Modified: 2019-10-07 11:50 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-04-17 08:18:30 UTC 
A flaw was found in the BigDecimal implementation in the Libraries component of OpenJDK.  An untrusted numeric value parsed by a Java application could the application to use an excessive amount of CPU time.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1665945
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA
Comment 2 Swamp Workflow Management 2019-04-26 16:12:17 UTC 
SUSE-SU-2019:1052-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132728,1132732
CVE References: CVE-2019-2602,CVE-2019-2684
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    java-11-openjdk-11.0.3.0-3.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2019-05-04 13:08:46 UTC 
openSUSE-SU-2019:1327-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132728,1132732
CVE References: CVE-2019-2602,CVE-2019-2684
Sources used:
openSUSE Leap 15.0 (src):    java-11-openjdk-11.0.3.0-lp150.2.16.1
Comment 6 Swamp Workflow Management 2019-05-10 19:13:15 UTC 
SUSE-SU-2019:1211-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1133135
CVE References: CVE-2018-3639,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    java-1_8_0-openjdk-1.8.0.212-3.19.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    java-1_8_0-openjdk-1.8.0.212-3.19.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    java-1_8_0-openjdk-1.8.0.212-3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-05-13 16:13:12 UTC 
SUSE-SU-2019:1219-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1122293,1122299,1132728,1132729,1132732,1133135
CVE References: CVE-2018-11212,CVE-2018-3639,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
SUSE OpenStack Cloud 7 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server 12-SP4 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1
SUSE Enterprise Storage 4 (src):    java-1_8_0-openjdk-1.8.0.212-27.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-05-22 01:11:36 UTC 
SUSE-SU-2019:14059-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1132734,1134718
CVE References: CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.45-26.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-05-22 01:12:41 UTC 
SUSE-SU-2019:1308-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1132734,1134718
CVE References: CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698
Sources used:
SUSE Linux Enterprise Module for Legacy Software 15 (src):    java-1_8_0-ibm-1.8.0_sr5.35-3.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2019-05-23 13:09:46 UTC 
openSUSE-SU-2019:1438-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1133135
CVE References: CVE-2018-3639,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
openSUSE Leap 15.0 (src):    java-1_8_0-openjdk-1.8.0.212-lp150.2.16.1
Comment 11 Swamp Workflow Management 2019-05-23 13:12:05 UTC 
openSUSE-SU-2019:1439-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1122293,1122299,1132728,1132729,1132732,1133135
CVE References: CVE-2018-11212,CVE-2018-3639,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
openSUSE Leap 42.3 (src):    java-1_8_0-openjdk-1.8.0.212-34.1
Comment 12 Swamp Workflow Management 2019-05-31 13:26:22 UTC 
SUSE-SU-2019:1392-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122293,1122299,1132728,1132729,1132732,1134297
CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
SUSE OpenStack Cloud 7 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-SP4 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Server 12-LTSS (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1
SUSE Enterprise Storage 4 (src):    java-1_7_0-openjdk-1.7.0.221-43.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-06-03 13:17:29 UTC 
openSUSE-SU-2019:1500-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122293,1122299,1132728,1132729,1132732,1134297
CVE References: CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
openSUSE Leap 42.3 (src):    java-1_7_0-openjdk-1.7.0.221-57.1, java-1_7_0-openjdk-bootstrap-1.7.0.221-57.1
Comment 14 Swamp Workflow Management 2019-06-21 19:12:16 UTC 
SUSE-SU-2019:1644-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1132734,1134718
CVE References: CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698
Sources used:
SUSE OpenStack Cloud 7 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server 12-SP4 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1
SUSE Enterprise Storage 4 (src):    java-1_8_0-ibm-1.8.0_sr5.35-30.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-06-27 13:12:23 UTC 
SUSE-SU-2019:1308-2: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1132734,1134718
CVE References: CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr5.35-3.20.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    java-1_8_0-ibm-1.8.0_sr5.35-3.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2019-07-01 16:11:50 UTC 
SUSE-SU-2019:1211-2: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1132728,1132729,1132732,1133135
CVE References: CVE-2018-3639,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    java-1_8_0-openjdk-1.8.0.212-3.19.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    java-1_8_0-openjdk-1.8.0.212-3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Fridrich Strba 2019-10-07 09:59:18 UTC 
Has been released
Comment 19 Marcus Meissner 2019-10-07 11:50:38 UTC 
released
First Last Prev Next    This bug is not in your last search results.