Security update for java-1_8_0-openjdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1989-1 Final 1 1 2021-06-17T07:51:59Z current 2021-06-17T07:51:59Z 2021-06-17T07:51:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_8_0-openjdk This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container containers/apache-tomcat:9-openjdk8-2021-1989,Image tomcat_15_6-2021-1989,SUSE-2021-1989,SUSE-SLE-Module-Legacy-15-SP2-2021-1989,SUSE-SLE-Module-Legacy-15-SP3-2021-1989,SUSE-SLE-Product-SLES-15-2021-1989,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1989,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1989,SUSE-SLE-Product-SLES_SAP-15-2021-1989,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1989,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1989,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1989,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1989,SUSE-Storage-6-2021-1989 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211989-1/ Link for SUSE-SU-2021:1989-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/009025.html E-Mail link for SUSE-SU-2021:1989-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1185055 SUSE Bug 1185055 https://www.suse.com/security/cve/CVE-2021-2163/ SUSE CVE CVE-2021-2163 page Container containers/apache-tomcat:9-openjdk8 Image tomcat_15_6 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Legacy 15 SP2 SUSE Linux Enterprise Module for Legacy 15 SP3 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 java-1_8_0-openjdk-1.8.0.292-3.52.1 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 java-1_8_0-openjdk-accessibility-1.8.0.292-3.52.1 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 java-1_8_0-openjdk-javadoc-1.8.0.292-3.52.1 java-1_8_0-openjdk-src-1.8.0.292-3.52.1 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of Container containers/apache-tomcat:9-openjdk8 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of Container containers/apache-tomcat:9-openjdk8 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of Image tomcat_15_6 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of Image tomcat_15_6 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Enterprise Storage 6 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Enterprise Storage 6 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Enterprise Storage 6 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Enterprise Storage 6 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP2 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP3 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP3 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP3 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP3 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15-LTSS java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15-LTSS java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15-LTSS java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server 15-LTSS java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Manager Proxy 4.0 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Manager Proxy 4.0 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Manager Proxy 4.0 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Manager Proxy 4.0 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Manager Retail Branch Server 4.0 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Manager Retail Branch Server 4.0 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Manager Retail Branch Server 4.0 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Manager Retail Branch Server 4.0 java-1_8_0-openjdk-1.8.0.292-3.52.1 as a component of SUSE Manager Server 4.0 java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 as a component of SUSE Manager Server 4.0 java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 as a component of SUSE Manager Server 4.0 java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 as a component of SUSE Manager Server 4.0 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2021-2163 Container containers/apache-tomcat:9-openjdk8:java-1_8_0-openjdk-1.8.0.292-3.52.1 Container containers/apache-tomcat:9-openjdk8:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 Image tomcat_15_6:java-1_8_0-openjdk-1.8.0.292-3.52.1 Image tomcat_15_6:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Enterprise Storage 6:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Enterprise Storage 6:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Enterprise Storage 6:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Enterprise Storage 6:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP2:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP2:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP2:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP2:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP3:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP3:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP3:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Module for Legacy 15 SP3:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-BCL:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-BCL:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-BCL:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-BCL:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15-LTSS:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15-LTSS:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15-LTSS:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Server 15-LTSS:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Linux Enterprise Server for SAP Applications 15:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Manager Proxy 4.0:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Manager Proxy 4.0:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Manager Proxy 4.0:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Manager Proxy 4.0:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Manager Retail Branch Server 4.0:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Manager Retail Branch Server 4.0:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Manager Retail Branch Server 4.0:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Manager Retail Branch Server 4.0:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 SUSE Manager Server 4.0:java-1_8_0-openjdk-1.8.0.292-3.52.1 SUSE Manager Server 4.0:java-1_8_0-openjdk-demo-1.8.0.292-3.52.1 SUSE Manager Server 4.0:java-1_8_0-openjdk-devel-1.8.0.292-3.52.1 SUSE Manager Server 4.0:java-1_8_0-openjdk-headless-1.8.0.292-3.52.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211989-1/ https://www.suse.com/security/cve/CVE-2021-2163.html CVE-2021-2163 https://bugzilla.suse.com/1185055 SUSE Bug 1185055