Security update for java-1_8_0-openjdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0663-1 Final 1 1 2018-03-12T12:18:36Z current 2018-03-12T12:18:36Z 2018-03-12T12:18:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_8_0-openjdk This update for java-1_8_0-openjdk fixes the following issues: Security issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366): - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages - CVE-2018-2603: Improve PKCS usage - CVE-2018-2618: Stricter key generation - CVE-2018-2629: Improve GSS handling - CVE-2018-2633: Improve LDAP lookup robustness - CVE-2018-2634: Improve property negotiations - CVE-2018-2637: Improve JMX supportive features - CVE-2018-2641: Improve GTK initialization - CVE-2018-2663: More refactoring for deserialization cases - CVE-2018-2677: More refactoring for client deserialization cases - CVE-2018-2678: More refactoring for naming deserialization cases The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-OpenStack-Cloud-6-2018-449,SUSE-SLE-DESKTOP-12-SP2-2018-449,SUSE-SLE-DESKTOP-12-SP3-2018-449,SUSE-SLE-RPI-12-SP2-2018-449,SUSE-SLE-SAP-12-SP1-2018-449,SUSE-SLE-SERVER-12-SP1-2018-449,SUSE-SLE-SERVER-12-SP2-2018-449,SUSE-SLE-SERVER-12-SP3-2018-449 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ Link for SUSE-SU-2018:0663-1 https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00032.html E-Mail link for SUSE-SU-2018:0663-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://www.suse.com/security/cve/CVE-2018-2579/ SUSE CVE CVE-2018-2579 page https://www.suse.com/security/cve/CVE-2018-2582/ SUSE CVE CVE-2018-2582 page https://www.suse.com/security/cve/CVE-2018-2588/ SUSE CVE CVE-2018-2588 page https://www.suse.com/security/cve/CVE-2018-2599/ SUSE CVE CVE-2018-2599 page https://www.suse.com/security/cve/CVE-2018-2602/ SUSE CVE CVE-2018-2602 page https://www.suse.com/security/cve/CVE-2018-2603/ SUSE CVE CVE-2018-2603 page https://www.suse.com/security/cve/CVE-2018-2618/ SUSE CVE CVE-2018-2618 page https://www.suse.com/security/cve/CVE-2018-2629/ SUSE CVE CVE-2018-2629 page https://www.suse.com/security/cve/CVE-2018-2633/ SUSE CVE CVE-2018-2633 page https://www.suse.com/security/cve/CVE-2018-2634/ SUSE CVE CVE-2018-2634 page https://www.suse.com/security/cve/CVE-2018-2637/ SUSE CVE CVE-2018-2637 page https://www.suse.com/security/cve/CVE-2018-2641/ SUSE CVE CVE-2018-2641 page https://www.suse.com/security/cve/CVE-2018-2663/ SUSE CVE CVE-2018-2663 page https://www.suse.com/security/cve/CVE-2018-2677/ SUSE CVE CVE-2018-2677 page https://www.suse.com/security/cve/CVE-2018-2678/ SUSE CVE CVE-2018-2678 page SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 6 java-1_8_0-openjdk-1.8.0.161-27.13.1 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP2 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP2 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP2 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP2 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP3 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP3 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP3 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server 12 SP3 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 java-1_8_0-openjdk-1.8.0.161-27.13.1 as a component of SUSE OpenStack Cloud 6 java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 as a component of SUSE OpenStack Cloud 6 java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 as a component of SUSE OpenStack Cloud 6 java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 as a component of SUSE OpenStack Cloud 6 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2579 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2579.html CVE-2018-2579 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2018-2582 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2582.html CVE-2018-2582 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2588 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2588.html CVE-2018-2588 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). CVE-2018-2599 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2599.html CVE-2018-2599 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). CVE-2018-2602 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2602.html CVE-2018-2602 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2603 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2603.html CVE-2018-2603 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2018-2618 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2618.html CVE-2018-2618 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2018-2629 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2629.html CVE-2018-2629 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2633 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2633.html CVE-2018-2633 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2018-2634 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2634.html CVE-2018-2634 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). CVE-2018-2637 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2637.html CVE-2018-2637 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). CVE-2018-2641 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2641.html CVE-2018-2641 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2663 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2663.html CVE-2018-2663 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2677 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2677.html CVE-2018-2677 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2678 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Desktop 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP1-LTSS:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-demo-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-devel-1.8.0.161-27.13.1 SUSE OpenStack Cloud 6:java-1_8_0-openjdk-headless-1.8.0.161-27.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/ https://www.suse.com/security/cve/CVE-2018-2678.html CVE-2018-2678 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810