{"affected":[{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.7.0-lp151.3.16.1","java-11-openjdk-accessibility":"11.0.7.0-lp151.3.16.1","java-11-openjdk-demo":"11.0.7.0-lp151.3.16.1","java-11-openjdk-devel":"11.0.7.0-lp151.3.16.1","java-11-openjdk-headless":"11.0.7.0-lp151.3.16.1","java-11-openjdk-javadoc":"11.0.7.0-lp151.3.16.1","java-11-openjdk-jmods":"11.0.7.0-lp151.3.16.1","java-11-openjdk-src":"11.0.7.0-lp151.3.16.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"java-11-openjdk","purl":"pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.7.0-lp151.3.16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-11-openjdk fixes the following issues:\n\nJava was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511).\n\nSecurity issues fixed:\n\n- CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).\n- CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).\n- CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).\n- CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511).\n- CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511).\n- CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511).\n- CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511).\n- CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511).\n- CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511).\n- CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).\n- CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).\n- CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes  (bsc#1169511).\n- CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0757-1","modified":"2020-06-02T10:13:07Z","published":"2020-06-02T10:13:07Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SDEP4JPECWYIDSKVUAK7GXMXY4KKSX4F/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167462"},{"type":"REPORT","url":"https://bugzilla.suse.com/1169511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2755"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2773"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2778"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2781"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2830"}],"related":["CVE-2020-2754","CVE-2020-2755","CVE-2020-2756","CVE-2020-2757","CVE-2020-2767","CVE-2020-2773","CVE-2020-2778","CVE-2020-2781","CVE-2020-2800","CVE-2020-2803","CVE-2020-2805","CVE-2020-2816","CVE-2020-2830"],"summary":"Security update for java-11-openjdk","upstream":["CVE-2020-2754","CVE-2020-2755","CVE-2020-2756","CVE-2020-2757","CVE-2020-2767","CVE-2020-2773","CVE-2020-2778","CVE-2020-2781","CVE-2020-2800","CVE-2020-2803","CVE-2020-2805","CVE-2020-2816","CVE-2020-2830"]}