{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr5.25-30.39.1","java-1_8_0-ibm-alsa":"1.8.0_sr5.25-30.39.1","java-1_8_0-ibm-devel":"1.8.0_sr5.25-30.39.1","java-1_8_0-ibm-plugin":"1.8.0_sr5.25-30.39.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr5.25-30.39.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\njava-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574)\n\n* Class Libraries:\n\n  - IJ10934 CVE-2018-13785\n  - IJ10935 CVE-2018-3136\n  - IJ10895 CVE-2018-3139\n  - IJ10932 CVE-2018-3149\n  - IJ10894 CVE-2018-3180\n  - IJ10930 CVE-2018-3183\n  - IJ10933 CVE-2018-3214\n  - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT\n  - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT\n  - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS.\n  - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC\n\n* Java Virtual Machine\n\n  - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT\n  - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP\n  - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED.\n  - IJ10931 CVE-2018-3169\n  - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE\n  - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION\n  - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API\n  - IJ10680 RECURRENT ABORTED SCAVENGE\n\n* ORB\n\n  - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION\n\n* Reliability and Serviceability\n\n  - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES\n\n* Security\n\n  - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY\n  - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD\n  - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )\n  - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE\n  - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS\n  - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX\n  - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER\n  - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION\n  - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS\n\n* z/OS Extentions\n\n  - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE\n  - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059\n  - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK\n\nThis includes the update to Java 8.0 Service Refresh 5 Fix Pack 22:\n\n* Java Virtual Machine\n\n  - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS\n\n* JIT Compiler\n\n  - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32\n  - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION\n  - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT()\n  - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER\n\n* z/OS Extentions\n\n  - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services\n  - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID\n\nAlso the update to Java 8.0 Service Refresh 5 Fix Pack 21\n\n* Class Libraries\n\n  - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM\n  - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM\n\n* Java Virtual Machine\n\n  - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS\n  - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE)\n\n* JIT Compiler\n\n  - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE\n  - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS\n  - IJ08205 CRASH WHILE COMPILING\n  - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM\n  - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE()\n","id":"SUSE-SU-2018:4064-2","modified":"2019-04-27T15:02:25Z","published":"2019-04-27T15:02:25Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20184064-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116574"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3136"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3139"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3169"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3214"}],"related":["CVE-2018-13785","CVE-2018-3136","CVE-2018-3139","CVE-2018-3149","CVE-2018-3169","CVE-2018-3180","CVE-2018-3183","CVE-2018-3214"],"summary":"Security update for java-1_8_0-ibm","upstream":["CVE-2018-13785","CVE-2018-3136","CVE-2018-3139","CVE-2018-3149","CVE-2018-3169","CVE-2018-3180","CVE-2018-3183","CVE-2018-3214"]}