{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.222-3.24.2","java-1_8_0-openjdk-demo":"1.8.0.222-3.24.2","java-1_8_0-openjdk-devel":"1.8.0.222-3.24.2","java-1_8_0-openjdk-headless":"1.8.0.222-3.24.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 15","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.222-3.24.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.222-3.24.2","java-1_8_0-openjdk-demo":"1.8.0.222-3.24.2","java-1_8_0-openjdk-devel":"1.8.0.222-3.24.2","java-1_8_0-openjdk-headless":"1.8.0.222-3.24.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 15 SP1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.222-3.24.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk-javadoc":"1.8.0.222-3.24.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.222-3.24.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openjdk to version 8u222 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n- CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n- CVE-2019-2766: Improve file protocol handling (bsc#1141789).\n- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n- CVE-2019-2786: More limited privilege usage (bsc#1141787).\n- CVE-2019-2816: Normalize normalization (bsc#1141785).\n- CVE-2019-2842: Extended AES support (bsc#1141786).\n- CVE-2019-7317: Improve PNG support (bsc#1141780).\n- Certificate validation improvements\n\nNon-security issue fixed:\n\n- Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)\n\n","id":"SUSE-SU-2019:2021-1","modified":"2019-07-30T14:39:13Z","published":"2019-07-30T14:39:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192021-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115375"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141780"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141782"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141783"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141784"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141785"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141789"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2766"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2769"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2786"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-7317"}],"related":["CVE-2019-2745","CVE-2019-2762","CVE-2019-2766","CVE-2019-2769","CVE-2019-2786","CVE-2019-2816","CVE-2019-2842","CVE-2019-7317"],"summary":"Security update for java-1_8_0-openjdk","upstream":["CVE-2019-2745","CVE-2019-2762","CVE-2019-2766","CVE-2019-2769","CVE-2019-2786","CVE-2019-2816","CVE-2019-2842","CVE-2019-7317"]}