Security update for java-1_7_0-openjdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3310-1 Final 1 1 2020-11-12T15:04:09Z current 2020-11-12T15:04:09Z 2020-11-12T15:04:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2020-3310,SUSE-2020-3310,SUSE-OpenStack-Cloud-7-2020-3310,SUSE-OpenStack-Cloud-8-2020-3310,SUSE-OpenStack-Cloud-9-2020-3310,SUSE-OpenStack-Cloud-Crowbar-8-2020-3310,SUSE-OpenStack-Cloud-Crowbar-9-2020-3310,SUSE-SLE-SAP-12-SP2-2020-3310,SUSE-SLE-SAP-12-SP3-2020-3310,SUSE-SLE-SAP-12-SP4-2020-3310,SUSE-SLE-SERVER-12-SP2-2020-3310,SUSE-SLE-SERVER-12-SP2-BCL-2020-3310,SUSE-SLE-SERVER-12-SP3-2020-3310,SUSE-SLE-SERVER-12-SP3-BCL-2020-3310,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3310,SUSE-SLE-SERVER-12-SP5-2020-3310,SUSE-Storage-5-2020-3310 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ Link for SUSE-SU-2020:3310-1 https://lists.suse.com/pipermail/sle-security-updates/2020-November/007769.html E-Mail link for SUSE-SU-2020:3310-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://www.suse.com/security/cve/CVE-2020-14779/ SUSE CVE CVE-2020-14779 page https://www.suse.com/security/cve/CVE-2020-14781/ SUSE CVE CVE-2020-14781 page https://www.suse.com/security/cve/CVE-2020-14782/ SUSE CVE CVE-2020-14782 page https://www.suse.com/security/cve/CVE-2020-14792/ SUSE CVE CVE-2020-14792 page https://www.suse.com/security/cve/CVE-2020-14796/ SUSE CVE CVE-2020-14796 page https://www.suse.com/security/cve/CVE-2020-14797/ SUSE CVE CVE-2020-14797 page https://www.suse.com/security/cve/CVE-2020-14798/ SUSE CVE CVE-2020-14798 page https://www.suse.com/security/cve/CVE-2020-14803/ SUSE CVE CVE-2020-14803 page HPE Helion OpenStack 8 SUSE Enterprise Storage 5 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 java-1_7_0-openjdk-1.7.0.281-43.44.2 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 java-1_7_0-openjdk-accessibility-1.7.0.281-43.44.2 java-1_7_0-openjdk-bootstrap-1.7.0.281-43.44.2 java-1_7_0-openjdk-bootstrap-devel-1.7.0.281-43.44.2 java-1_7_0-openjdk-bootstrap-headless-1.7.0.281-43.44.2 java-1_7_0-openjdk-javadoc-1.7.0.281-43.44.2 java-1_7_0-openjdk-src-1.7.0.281-43.44.2 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of HPE Helion OpenStack 8 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of HPE Helion OpenStack 8 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of HPE Helion OpenStack 8 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of HPE Helion OpenStack 8 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Enterprise Storage 5 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Enterprise Storage 5 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Enterprise Storage 5 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Enterprise Storage 5 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-BCL java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-BCL java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-BCL java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-BCL java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP5 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP5 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP5 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server 12 SP5 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 7 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 7 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 7 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 7 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 8 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 8 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 8 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 8 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 9 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 9 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 9 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud 9 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 8 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 8 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 8 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 8 java-1_7_0-openjdk-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 9 java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 9 java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 9 java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 as a component of SUSE OpenStack Cloud Crowbar 9 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14779 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14779.html CVE-2020-14779 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14781 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14781.html CVE-2020-14781 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14782 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14782.html CVE-2020-14782 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). CVE-2020-14792 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14792.html CVE-2020-14792 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2020-14796 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14796.html CVE-2020-14796 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14797 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14797.html CVE-2020-14797 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2020-14798 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14798.html CVE-2020-14798 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14803 HPE Helion OpenStack 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 HPE Helion OpenStack 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Enterprise Storage 5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP2-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-BCL:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP3-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 7:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 8:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-demo-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-devel-1.7.0.281-43.44.2 SUSE OpenStack Cloud Crowbar 9:java-1_7_0-openjdk-headless-1.7.0.281-43.44.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1/ https://www.suse.com/security/cve/CVE-2020-14803.html CVE-2020-14803 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1181239 SUSE Bug 1181239 https://bugzilla.suse.com/1182186 SUSE Bug 1182186