Description: | Summary: The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2020:1686-1 advisory.
Vulnerability Insight: This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues:
CVE-2020-2754: Forward references to Nashorn (bsc#1169511)
CVE-2020-2755: Improve Nashorn matching (bsc#1169511)
CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
CVE-2020-2773: Better signatures in XML (bsc#1169511)
CVE-2020-2781: Improve TLS session handling (bsc#1169511)
CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
CVE-2020-2805: Enhance typing of methods (bsc#1169511)
CVE-2020-2830: Better Scanner conversions (bsc#1169511)
Affected Software/OS: 'java-1_8_0-openjdk' package(s) on HPE Helion Openstack 8, SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8.
Solution: Please install the updated package(s).
CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
|