java-1_8_0-openj9-1.8.0.292-3.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10875 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z java-1_8_0-openj9-1.8.0.292-3.2 on GA media These are all security issues fixed in the java-1_8_0-openj9-1.8.0.292-3.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10875 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10875 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-14556/ SUSE CVE CVE-2020-14556 page https://www.suse.com/security/cve/CVE-2020-14579/ SUSE CVE CVE-2020-14579 page https://www.suse.com/security/cve/CVE-2020-14593/ SUSE CVE CVE-2020-14593 page https://www.suse.com/security/cve/CVE-2020-14781/ SUSE CVE CVE-2020-14781 page https://www.suse.com/security/cve/CVE-2020-14796/ SUSE CVE CVE-2020-14796 page https://www.suse.com/security/cve/CVE-2020-14803/ SUSE CVE CVE-2020-14803 page https://www.suse.com/security/cve/CVE-2020-2754/ SUSE CVE CVE-2020-2754 page https://www.suse.com/security/cve/CVE-2020-2757/ SUSE CVE CVE-2020-2757 page https://www.suse.com/security/cve/CVE-2020-2803/ SUSE CVE CVE-2020-2803 page openSUSE Tumbleweed java-1_8_0-openj9-1.8.0.292-3.2 java-1_8_0-openj9-accessibility-1.8.0.292-3.2 java-1_8_0-openj9-demo-1.8.0.292-3.2 java-1_8_0-openj9-devel-1.8.0.292-3.2 java-1_8_0-openj9-headless-1.8.0.292-3.2 java-1_8_0-openj9-javadoc-1.8.0.292-3.2 java-1_8_0-openj9-src-1.8.0.292-3.2 java-1_8_0-openj9-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-accessibility-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-demo-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-devel-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-headless-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-javadoc-1.8.0.292-3.2 as a component of openSUSE Tumbleweed java-1_8_0-openj9-src-1.8.0.292-3.2 as a component of openSUSE Tumbleweed Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-14556 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14556.html CVE-2020-14556 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14579 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14579.html CVE-2020-14579 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). CVE-2020-14593 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14593.html CVE-2020-14593 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14781 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14781.html CVE-2020-14781 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2020-14796 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14796.html CVE-2020-14796 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14803 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14803.html CVE-2020-14803 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1181239 SUSE Bug 1181239 https://bugzilla.suse.com/1182186 SUSE Bug 1182186 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2754 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2754.html CVE-2020-2754 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2757 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2757.html CVE-2020-2757 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-2803 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.292-3.2 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.292-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2803.html CVE-2020-2803 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277