Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-7317 (GCVE-0-2019-7317)
Vulnerability from cvelistv5 – Published: 2019-02-04 07:00 – Updated: 2026-05-28 18:24
VLAI
EPSS
Summary
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Severity
5.3 (Medium)
CWE
- n/a
Assigner
References
42 references
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"name": "DSA-4435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"name": "USN-3962-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"name": "USN-3991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"name": "DSA-4448",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"name": "RHSA-2019:1265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"name": "RHSA-2019:1267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"name": "RHSA-2019:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"name": "DSA-4451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "108098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108098"
},
{
"name": "USN-4080-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"name": "USN-4083-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"name": "GLSA-201908-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"name": "RHSA-2019:2494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"name": "RHSA-2019:2495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"name": "openSUSE-SU-2019:1916",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"name": "openSUSE-SU-2019:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"name": "RHSA-2019:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"name": "RHSA-2019:2590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"name": "RHSA-2019:2592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"name": "RHSA-2019:2737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-7317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T18:24:04.122794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T18:24:45.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"name": "DSA-4435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"name": "USN-3962-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"name": "USN-3991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"name": "DSA-4448",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"name": "RHSA-2019:1265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"name": "RHSA-2019:1267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"name": "RHSA-2019:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"name": "DSA-4451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "108098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108098"
},
{
"name": "USN-4080-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"name": "USN-4083-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"name": "GLSA-201908-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"name": "RHSA-2019:2494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"name": "RHSA-2019:2495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"name": "openSUSE-SU-2019:1916",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"name": "openSUSE-SU-2019:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"name": "RHSA-2019:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"name": "RHSA-2019:2590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"name": "RHSA-2019:2592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"name": "RHSA-2019:2737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"name": "DSA-4435",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"name": "USN-3962-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"name": "USN-3991-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"name": "DSA-4448",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"name": "RHSA-2019:1265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"name": "RHSA-2019:1267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"name": "RHSA-2019:1269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "108098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108098"
},
{
"name": "USN-4080-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"name": "USN-4083-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"name": "GLSA-201908-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"name": "RHSA-2019:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"name": "RHSA-2019:2495",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"name": "openSUSE-SU-2019:1916",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"name": "openSUSE-SU-2019:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"name": "RHSA-2019:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"name": "RHSA-2019:2590",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"name": "RHSA-2019:2592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"name": "RHSA-2019:2737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"name": "https://github.com/glennrp/libpng/issues/275",
"refsource": "MISC",
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190719-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7317",
"datePublished": "2019-02-04T07:00:00.000Z",
"dateReserved": "2019-02-04T00:00:00.000Z",
"dateUpdated": "2026-05-28T18:24:45.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-7317",
"date": "2026-05-29",
"epss": "0.00565",
"percentile": "0.68734"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-7317\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-04T08:29:00.447\",\"lastModified\":\"2026-05-28T19:16:35.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la funci\u00f3n png_image_free_function es llamada bajo png_safe_execute.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.37\",\"matchCriteriaId\":\"078AA00A-515F-493E-A53E-FE1937FA8018\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"712507AC-DAB8-4FFE-9426-08282919411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C21D62F-F3DD-4E9E-B644-07CCC49F3D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3999BDC1-BA77-4DBE-8041-D993BA9FF04D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B2677D-6B48-45A2-8567-AB6DB9FF1B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF3DD5E-1A96-4285-84BA-EB5E31EF2516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32318CC6-B8C4-4429-BB8B-134DC202A27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.23\",\"matchCriteriaId\":\"0185E85D-2C64-4D77-BC1D-A20165D5078E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*\",\"versionEndExcluding\":\"8.7.0-00\",\"matchCriteriaId\":\"6B07BDE2-FE50-4C0E-9C73-6AA6C1D6C060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.7.0-00\",\"matchCriteriaId\":\"BE33C1F1-DED8-424C-8942-E1A48A9EBA05\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D4FFCF-5309-43B6-9FD5-680C6D535A7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF583CDC-DE9E-45AB-9861-CB203BFA8862\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B8B0B75-0DF2-4B5C-BC81-2F8E172AEE4E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBC8B78D-1131-4F21-919D-8AC79A410FB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionEndExcluding\":\"9.6\",\"matchCriteriaId\":\"60429DC5-C403-41D1-9DDF-30782D012DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"9.6\",\"matchCriteriaId\":\"95571D2E-5C83-484C-A44F-AC36972C67D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3AF659DD-C4AE-4DDC-B50B-327A717EFC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"40E21C6E-AEDF-43E8-AA80-629C77D24DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*\",\"matchCriteriaId\":\"BADA4949-F766-4092-A6BC-1B85B5FB60FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.53\",\"matchCriteriaId\":\"1FC01AF8-4A4B-4FC4-B07F-1193FEFF5A47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2\",\"matchCriteriaId\":\"8557ED41-5B30-47C8-A556-6C1F6E8E227B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*\",\"versionEndExcluding\":\"4.0\",\"matchCriteriaId\":\"C7E42333-853D-4938-90EB-2A6653476357\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.9\",\"matchCriteriaId\":\"82DC1F62-0DA2-4BB8-9AFE-4BC4366205F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.1\",\"matchCriteriaId\":\"2798786F-A818-4C52-BC20-0A69DB49D16A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"41436638-0B88-4823-8208-81C01F2CA6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"910F5303-1F70-44E3-A951-567447BC46FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"1925AC26-45D4-46D5-ACDD-91E5A90977B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*\",\"matchCriteriaId\":\"9DC6435A-8369-4D18-A6EE-84E73D6AA84D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF5449D-22D2-48B4-8F50-57B43DCB15B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F86C3C-B99C-44C6-97D7-163DC3F59687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5291B60-AB52-4830-8E1A-8048A471902C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566507B6-AC95-47F7-A3FB-C6F414E45F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C21FE1-EA5C-498F-9C6C-D05F91A88217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25C8B513-76C1-4184-A253-CB32F04A05BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CDCFF34-6F1D-45A1-BE37-6A0E17B04801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47811209-5CE5-4375-8391-B0A7F6A0E420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"634C23AC-AC9C-43F4-BED8-1C720816D5E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37CE1DC7-72C5-483C-8921-0B462C8284D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/108098\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1265\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1267\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1269\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2494\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2495\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2585\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2592\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2737\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/glennrp/libpng/issues/275\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/36\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/56\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/59\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190719-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3962-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3991-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4080-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4083-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4435\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4448\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/108098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/glennrp/libpng/issues/275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190719-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3962-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3991-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4080-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4083-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://seclists.org/bugtraq/2019/Apr/30\", \"name\": \"20190417 [slackware-security] libpng (SSA:2019-107-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4435\", \"name\": \"DSA-4435\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/36\", \"name\": \"20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3962-1/\", \"name\": \"USN-3962-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3991-1/\", \"name\": \"USN-3991-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/56\", \"name\": \"20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/59\", \"name\": \"20190523 [SECURITY] [DSA 4448-1] firefox-esr security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4448\", \"name\": \"DSA-4448\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\", \"name\": \"[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1265\", \"name\": \"RHSA-2019:1265\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1267\", \"name\": \"RHSA-2019:1267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1269\", \"name\": \"RHSA-2019:1269\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"name\": \"DSA-4451\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"name\": \"20190527 [SECURITY] [DSA 4451-1] thunderbird security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"name\": \"[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"name\": \"USN-3997-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"name\": \"openSUSE-SU-2019:1484\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"name\": \"RHSA-2019:1310\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"name\": \"RHSA-2019:1308\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"name\": \"RHSA-2019:1309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"name\": \"openSUSE-SU-2019:1534\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"name\": \"openSUSE-SU-2019:1664\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/108098\", \"name\": \"108098\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4080-1/\", \"name\": \"USN-4080-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4083-1/\", \"name\": \"USN-4083-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-02\", \"name\": \"GLSA-201908-02\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2494\", \"name\": \"RHSA-2019:2494\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2495\", \"name\": \"RHSA-2019:2495\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html\", \"name\": \"openSUSE-SU-2019:1916\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html\", \"name\": \"openSUSE-SU-2019:1912\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2585\", \"name\": \"RHSA-2019:2585\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2590\", \"name\": \"RHSA-2019:2590\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2592\", \"name\": \"RHSA-2019:2592\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2737\", \"name\": \"RHSA-2019:2737\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/glennrp/libpng/issues/275\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190719-0005/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T20:46:45.928Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-7317\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-28T18:24:04.122794Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-28T18:24:38.239Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2019-02-04T00:00:00.000Z\", \"references\": [{\"url\": \"https://seclists.org/bugtraq/2019/Apr/30\", \"name\": \"20190417 [slackware-security] libpng (SSA:2019-107-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4435\", \"name\": \"DSA-4435\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/36\", \"name\": \"20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://usn.ubuntu.com/3962-1/\", \"name\": \"USN-3962-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/3991-1/\", \"name\": \"USN-3991-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/56\", \"name\": \"20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/59\", \"name\": \"20190523 [SECURITY] [DSA 4448-1] firefox-esr security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4448\", \"name\": \"DSA-4448\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\", \"name\": \"[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1265\", \"name\": \"RHSA-2019:1265\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1267\", \"name\": \"RHSA-2019:1267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1269\", \"name\": \"RHSA-2019:1269\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"name\": \"DSA-4451\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"name\": \"20190527 [SECURITY] [DSA 4451-1] thunderbird security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"name\": \"[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"name\": \"USN-3997-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"name\": \"openSUSE-SU-2019:1484\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"name\": \"RHSA-2019:1310\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"name\": \"RHSA-2019:1308\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"name\": \"RHSA-2019:1309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"name\": \"openSUSE-SU-2019:1534\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"name\": \"openSUSE-SU-2019:1664\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.securityfocus.com/bid/108098\", \"name\": \"108098\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://usn.ubuntu.com/4080-1/\", \"name\": \"USN-4080-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/4083-1/\", \"name\": \"USN-4083-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-02\", \"name\": \"GLSA-201908-02\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2494\", \"name\": \"RHSA-2019:2494\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2495\", \"name\": \"RHSA-2019:2495\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html\", \"name\": \"openSUSE-SU-2019:1916\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html\", \"name\": \"openSUSE-SU-2019:1912\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2585\", \"name\": \"RHSA-2019:2585\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2590\", \"name\": \"RHSA-2019:2590\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2592\", \"name\": \"RHSA-2019:2592\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2737\", \"name\": \"RHSA-2019:2737\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/glennrp/libpng/issues/275\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190719-0005/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-10-20T10:38:36.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://seclists.org/bugtraq/2019/Apr/30\", \"name\": \"20190417 [slackware-security] libpng (SSA:2019-107-01)\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4435\", \"name\": \"DSA-4435\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Apr/36\", \"name\": \"20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://usn.ubuntu.com/3962-1/\", \"name\": \"USN-3962-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/3991-1/\", \"name\": \"USN-3991-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/56\", \"name\": \"20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/59\", \"name\": \"20190523 [SECURITY] [DSA 4448-1] firefox-esr security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4448\", \"name\": \"DSA-4448\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\", \"name\": \"[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1265\", \"name\": \"RHSA-2019:1265\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1267\", \"name\": \"RHSA-2019:1267\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1269\", \"name\": \"RHSA-2019:1269\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4451\", \"name\": \"DSA-4451\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://seclists.org/bugtraq/2019/May/67\", \"name\": \"20190527 [SECURITY] [DSA 4451-1] thunderbird security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\", \"name\": \"[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://usn.ubuntu.com/3997-1/\", \"name\": \"USN-3997-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\", \"name\": \"openSUSE-SU-2019:1484\", \"refsource\": \"SUSE\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1310\", \"name\": \"RHSA-2019:1310\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1308\", \"name\": \"RHSA-2019:1308\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1309\", \"name\": \"RHSA-2019:1309\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\", \"name\": \"openSUSE-SU-2019:1534\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\", \"name\": \"openSUSE-SU-2019:1664\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.securityfocus.com/bid/108098\", \"name\": \"108098\", \"refsource\": \"BID\"}, {\"url\": \"https://usn.ubuntu.com/4080-1/\", \"name\": \"USN-4080-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/4083-1/\", \"name\": \"USN-4083-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://security.gentoo.org/glsa/201908-02\", \"name\": \"GLSA-201908-02\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2494\", \"name\": \"RHSA-2019:2494\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2495\", \"name\": \"RHSA-2019:2495\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html\", \"name\": \"openSUSE-SU-2019:1916\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html\", \"name\": \"openSUSE-SU-2019:1912\", \"refsource\": \"SUSE\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2585\", \"name\": \"RHSA-2019:2585\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2590\", \"name\": \"RHSA-2019:2590\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2592\", \"name\": \"RHSA-2019:2592\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2737\", \"name\": \"RHSA-2019:2737\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\", \"name\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/glennrp/libpng/issues/275\", \"name\": \"https://github.com/glennrp/libpng/issues/275\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\", \"name\": \"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190719-0005/\", \"name\": \"https://security.netapp.com/advisory/ntap-20190719-0005/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\", \"name\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-7317\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-7317\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-28T18:24:45.126Z\", \"dateReserved\": \"2019-02-04T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-02-04T07:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
libpng 'png_image_free'函数内存错误引用漏洞
Description
libpng是一个可对PNG图形文件实现创建、读写等操作的PNG参考库。
libpng 1.6.36版本中的png.c文件的'png_image_free'函数存在内存错误引用漏洞。攻击者可借助特制的文件利用该漏洞造成拒绝服务。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: http://www.libpng.org/
Reference
https://seclists.org/bugtraq/2019/Apr/30
Impacted products
| Name | libpng libpng 1.6.36 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-7317"
}
},
"description": "libpng\u662f\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u3002\n\nlibpng 1.6.36\u7248\u672c\u4e2d\u7684png.c\u6587\u4ef6\u7684\u0027png_image_free\u0027\u51fd\u6570\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.libpng.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-11838",
"openTime": "2019-04-22",
"products": {
"product": "libpng libpng 1.6.36"
},
"referenceLink": "https://seclists.org/bugtraq/2019/Apr/30",
"serverity": "\u4e2d",
"submitTime": "2019-04-22",
"title": "libpng \u0027png_image_free\u0027\u51fd\u6570\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}
FKIE_CVE-2019-7317
Vulnerability from fkie_nvd - Published: 2019-02-04 08:29 - Updated: 2026-05-28 19:16
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "078AA00A-515F-493E-A53E-FE1937FA8018",
"versionEndExcluding": "1.6.37",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
"matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C21D62F-F3DD-4E9E-B644-07CCC49F3D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*",
"matchCriteriaId": "3999BDC1-BA77-4DBE-8041-D993BA9FF04D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B2677D-6B48-45A2-8567-AB6DB9FF1B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF3DD5E-1A96-4285-84BA-EB5E31EF2516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32318CC6-B8C4-4429-BB8B-134DC202A27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0185E85D-2C64-4D77-BC1D-A20165D5078E",
"versionEndExcluding": "8.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
"matchCriteriaId": "6B07BDE2-FE50-4C0E-9C73-6AA6C1D6C060",
"versionEndExcluding": "8.7.0-00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE33C1F1-DED8-424C-8942-E1A48A9EBA05",
"versionEndExcluding": "8.7.0-00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8B0B75-0DF2-4B5C-BC81-2F8E172AEE4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "60429DC5-C403-41D1-9DDF-30782D012DF6",
"versionEndExcluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "95571D2E-5C83-484C-A44F-AC36972C67D1",
"versionEndExcluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3AF659DD-C4AE-4DDC-B50B-327A717EFC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*",
"matchCriteriaId": "40E21C6E-AEDF-43E8-AA80-629C77D24DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "BADA4949-F766-4092-A6BC-1B85B5FB60FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC01AF8-4A4B-4FC4-B07F-1193FEFF5A47",
"versionEndExcluding": "11.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8557ED41-5B30-47C8-A556-6C1F6E8E227B",
"versionEndExcluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "C7E42333-853D-4938-90EB-2A6653476357",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82DC1F62-0DA2-4BB8-9AFE-4BC4366205F5",
"versionEndExcluding": "7.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2798786F-A818-4C52-BC20-0A69DB49D16A",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*",
"matchCriteriaId": "41436638-0B88-4823-8208-81C01F2CA6A6",
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*",
"matchCriteriaId": "910F5303-1F70-44E3-A951-567447BC46FF",
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*",
"matchCriteriaId": "1925AC26-45D4-46D5-ACDD-91E5A90977B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*",
"matchCriteriaId": "9DC6435A-8369-4D18-A6EE-84E73D6AA84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5291B60-AB52-4830-8E1A-8048A471902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25C8B513-76C1-4184-A253-CB32F04A05BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "634C23AC-AC9C-43F4-BED8-1C720816D5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
},
{
"lang": "es",
"value": "La funci\u00f3n png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la funci\u00f3n png_image_free_function es llamada bajo png_safe_execute."
}
],
"id": "CVE-2019-7317",
"lastModified": "2026-05-28T19:16:35.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-02-04T08:29:00.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108098"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-M96G-X499-P5F9
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-7317"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-04T08:29:00Z",
"severity": "MODERATE"
},
"details": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"id": "GHSA-m96g-x499-p5f9",
"modified": "2022-04-30T00:02:15Z",
"published": "2022-04-30T00:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317"
},
{
"type": "WEB",
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190719-0005"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3962-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3991-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3997-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4080-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4083-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-7317
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-7317",
"description": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"id": "GSD-2019-7317",
"references": [
"https://www.suse.com/security/cve/CVE-2019-7317.html",
"https://www.debian.org/security/2019/dsa-4451",
"https://www.debian.org/security/2019/dsa-4448",
"https://www.debian.org/security/2019/dsa-4435",
"https://access.redhat.com/errata/RHSA-2019:2737",
"https://access.redhat.com/errata/RHSA-2019:2592",
"https://access.redhat.com/errata/RHSA-2019:2590",
"https://access.redhat.com/errata/RHSA-2019:2585",
"https://access.redhat.com/errata/RHSA-2019:2495",
"https://access.redhat.com/errata/RHSA-2019:2494",
"https://access.redhat.com/errata/RHSA-2019:1310",
"https://access.redhat.com/errata/RHSA-2019:1309",
"https://access.redhat.com/errata/RHSA-2019:1308",
"https://access.redhat.com/errata/RHSA-2019:1269",
"https://access.redhat.com/errata/RHSA-2019:1267",
"https://access.redhat.com/errata/RHSA-2019:1265",
"https://ubuntu.com/security/CVE-2019-7317",
"https://advisories.mageia.org/CVE-2019-7317.html",
"https://security.archlinux.org/CVE-2019-7317",
"https://linux.oracle.com/cve/CVE-2019-7317.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-7317"
],
"details": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"id": "GSD-2019-7317",
"modified": "2023-12-13T01:23:46.319339Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"name": "DSA-4435",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"name": "USN-3962-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"name": "USN-3991-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"name": "DSA-4448",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"name": "RHSA-2019:1265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"name": "RHSA-2019:1267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"name": "RHSA-2019:1269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "108098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108098"
},
{
"name": "USN-4080-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"name": "USN-4083-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"name": "GLSA-201908-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"name": "RHSA-2019:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"name": "RHSA-2019:2495",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"name": "openSUSE-SU-2019:1916",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"name": "openSUSE-SU-2019:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"name": "RHSA-2019:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"name": "RHSA-2019:2590",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"name": "RHSA-2019:2592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"name": "RHSA-2019:2737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"name": "https://github.com/glennrp/libpng/issues/275",
"refsource": "MISC",
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190719-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.6.36]",
"affected_versions": "Version 1.6.36",
"cvss_v2": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-416",
"CWE-937"
],
"date": "2021-10-20",
"description": "png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.",
"fixed_versions": [],
"identifier": "CVE-2019-7317",
"identifiers": [
"CVE-2019-7317"
],
"not_impacted": "",
"package_slug": "nuget/libpng",
"pubdate": "2019-02-04",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Use After Free",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-7317"
],
"uuid": "f57a9f10-e03e-4592-ab59-50301b5df9e4"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.6.37",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.23",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.0-00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.7.0-00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionEndExcluding": "9.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "9.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.53",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.3.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7317"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/glennrp/libpng/issues/275",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html",
"refsource": "MISC",
"tags": [
"VDB Entry",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"name": "DSA-4435",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"name": "USN-3962-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"name": "USN-3991-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"name": "DSA-4448",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"name": "RHSA-2019:1265",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"name": "RHSA-2019:1269",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"name": "RHSA-2019:1267",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "108098",
"refsource": "BID",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108098"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190719-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "USN-4080-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"name": "USN-4083-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"name": "GLSA-201908-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"name": "RHSA-2019:2494",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2494"
},
{
"name": "RHSA-2019:2495",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2495"
},
{
"name": "openSUSE-SU-2019:1912",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1916",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"name": "RHSA-2019:2585",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2585"
},
{
"name": "RHSA-2019:2590",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2590"
},
{
"name": "RHSA-2019:2592",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2592"
},
{
"name": "RHSA-2019:2737",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2737"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03977en_us"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-05-23T15:02Z",
"publishedDate": "2019-02-04T08:29Z"
}
}
}
MSRC_CVE-2019-7317
Vulnerability from csaf_microsoft - Published: 2019-02-02 00:00 - Updated: 2025-03-14 00:00Summary
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16826-16817 | — | ||
| Unresolved product id: 16826-17084 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2019/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-7317 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-7317.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"tracking": {
"current_release_date": "2025-03-14T00:00:00.000Z",
"generator": {
"date": "2025-12-27T22:52:52.350Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-7317",
"initial_release_date": "2019-02-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-03-14T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 fltk 1.3.8-1",
"product": {
"name": "\u003cazl3 fltk 1.3.8-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 fltk 1.3.8-1",
"product": {
"name": "azl3 fltk 1.3.8-1",
"product_id": "16826"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 fltk 1.3.8-1",
"product": {
"name": "\u003cazl3 fltk 1.3.8-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 fltk 1.3.8-1",
"product": {
"name": "azl3 fltk 1.3.8-1",
"product_id": "16826"
}
}
],
"category": "product_name",
"name": "fltk"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 fltk 1.3.8-1 as a component of Azure Linux 3.0",
"product_id": "16817-1"
},
"product_reference": "1",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 fltk 1.3.8-1 as a component of Azure Linux 3.0",
"product_id": "16826-16817"
},
"product_reference": "16826",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 fltk 1.3.8-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 fltk 1.3.8-1 as a component of Azure Linux 3.0",
"product_id": "16826-17084"
},
"product_reference": "16826",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-7317",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16826-16817",
"16826-17084"
],
"known_affected": [
"16817-1",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-7317 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-7317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-14T00:00:00.000Z",
"details": "1.3.8-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16817-1",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16817-1",
"17084-2"
]
}
],
"title": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
]
}
OPENSUSE-SU-2019:1530-1
Vulnerability from csaf_opensuse - Published: 2019-06-07 15:14 - Updated: 2019-06-07 15:14Summary
Security update for libpng16
Severity
Low
Notes
Title of the patch: Security update for libpng16
Description of the patch: This update for libpng16 fixes the following issues:
Security issues fixed:
- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2018-13785: Fixed a wrong calculation of row_factor in the
png_check_chunk_length function in pngrutil.c, which could haved triggered
and integer overflow and result in an divide-by-zero while processing a
crafted PNG file, leading to a denial of service (bsc#1100687)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1530
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when \n png_image_free() was called under png_safe_execute (bsc#1124211).\n- CVE-2018-13785: Fixed a wrong calculation of row_factor in the\n png_check_chunk_length function in pngrutil.c, which could haved triggered\n and integer overflow and result in an divide-by-zero while processing a\n crafted PNG file, leading to a denial of service (bsc#1100687)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1530",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1530-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1530-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL/#Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1530-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL/#Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL"
},
{
"category": "self",
"summary": "SUSE Bug 1100687",
"url": "https://bugzilla.suse.com/1100687"
},
{
"category": "self",
"summary": "SUSE Bug 1121624",
"url": "https://bugzilla.suse.com/1121624"
},
{
"category": "self",
"summary": "SUSE Bug 1124211",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13785 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2019-06-07T15:14:56Z",
"generator": {
"date": "2019-06-07T15:14:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1530-1",
"initial_release_date": "2019-06-07T15:14:56Z",
"revision_history": [
{
"date": "2019-06-07T15:14:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-lp151.3.3.1.i586",
"product": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.i586",
"product_id": "libpng16-16-1.6.34-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"product": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"product_id": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
"product": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
"product_id": "libpng16-devel-1.6.34-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
"product": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
"product_id": "libpng16-tools-1.6.34-lp151.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-16-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"product_id": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-16-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-16-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586"
},
"product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13785"
}
],
"notes": [
{
"category": "general",
"text": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13785",
"url": "https://www.suse.com/security/cve/CVE-2018-13785"
},
{
"category": "external",
"summary": "SUSE Bug 1100687 for CVE-2018-13785",
"url": "https://bugzilla.suse.com/1100687"
},
{
"category": "external",
"summary": "SUSE Bug 1112153 for CVE-2018-13785",
"url": "https://bugzilla.suse.com/1112153"
},
{
"category": "external",
"summary": "SUSE Bug 1116574 for CVE-2018-13785",
"url": "https://bugzilla.suse.com/1116574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-07T15:14:56Z",
"details": "low"
}
],
"title": "CVE-2018-13785"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-07T15:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
}
]
}
OPENSUSE-SU-2019:1534-1
Vulnerability from csaf_opensuse - Published: 2019-06-10 09:32 - Updated: 2019-06-10 09:32Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):
* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11691: Use-after-free in XMLHttpRequest
* CVE-2019-11692: Use-after-free removing listeners in the event listener manager
* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-5798: Out-of-bounds read in Skia
* CVE-2019-7317: Use-after-free in png_image_free of libpng library
* CVE-2019-9797: Cross-origin theft of images with createImageBitmap
* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816: Type confusion with object groups and UnboxedObjects
* CVE-2019-9817: Stealing of cross-domain images using canvas
* CVE-2019-9818: (Windows only) Use-after-free in crash generation server
* CVE-2019-9819: Compartment mismatch with fetch API
* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821: Use-after-free in AssertWorkerThread
Patchnames: openSUSE-2019-1534
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nMozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):\n\n* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n* CVE-2019-11691: Use-after-free in XMLHttpRequest\n* CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n* CVE-2019-5798: Out-of-bounds read in Skia\n* CVE-2019-7317: Use-after-free in png_image_free of libpng library\n* CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n* CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n* CVE-2019-9817: Stealing of cross-domain images using canvas\n* CVE-2019-9818: (Windows only) Use-after-free in crash generation server\n* CVE-2019-9819: Compartment mismatch with fetch API\n* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n* CVE-2019-9821: Use-after-free in AssertWorkerThread\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1534",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1534-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1534-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7/#YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1534-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7/#YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7"
},
{
"category": "self",
"summary": "SUSE Bug 1135824",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18511 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11692 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9817 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9819 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9820 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9821 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9821/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2019-06-10T09:32:29Z",
"generator": {
"date": "2019-06-10T09:32:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1534-1",
"initial_release_date": "2019-06-10T09:32:29Z",
"revision_history": [
{
"date": "2019-06-10T09:32:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18511"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18511",
"url": "https://www.suse.com/security/cve/CVE-2018-18511"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125396"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-18511"
},
{
"cve": "CVE-2019-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11691"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11691",
"url": "https://www.suse.com/security/cve/CVE-2019-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11691",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11691"
},
{
"cve": "CVE-2019-11692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11692"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11692",
"url": "https://www.suse.com/security/cve/CVE-2019-11692"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11692",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11692"
},
{
"cve": "CVE-2019-11693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11693"
}
],
"notes": [
{
"category": "general",
"text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11693",
"url": "https://www.suse.com/security/cve/CVE-2019-11693"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11693",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11693"
},
{
"cve": "CVE-2019-11694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11694"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11694",
"url": "https://www.suse.com/security/cve/CVE-2019-11694"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11694",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11694"
},
{
"cve": "CVE-2019-11698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11698"
}
],
"notes": [
{
"category": "general",
"text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11698",
"url": "https://www.suse.com/security/cve/CVE-2019-11698"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11698",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11698"
},
{
"cve": "CVE-2019-5798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5798"
}
],
"notes": [
{
"category": "general",
"text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5798",
"url": "https://www.suse.com/security/cve/CVE-2019-5798"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-5798"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
},
{
"cve": "CVE-2019-9797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9797"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9797",
"url": "https://www.suse.com/security/cve/CVE-2019-9797"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9797"
},
{
"cve": "CVE-2019-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9800",
"url": "https://www.suse.com/security/cve/CVE-2019-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9800",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9800"
},
{
"cve": "CVE-2019-9815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9815"
}
],
"notes": [
{
"category": "general",
"text": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9815",
"url": "https://www.suse.com/security/cve/CVE-2019-9815"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9815",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9815"
},
{
"cve": "CVE-2019-9816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9816"
}
],
"notes": [
{
"category": "general",
"text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9816",
"url": "https://www.suse.com/security/cve/CVE-2019-9816"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9816",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9816"
},
{
"cve": "CVE-2019-9817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9817"
}
],
"notes": [
{
"category": "general",
"text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9817",
"url": "https://www.suse.com/security/cve/CVE-2019-9817"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9817",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9817"
},
{
"cve": "CVE-2019-9818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9818"
}
],
"notes": [
{
"category": "general",
"text": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9818",
"url": "https://www.suse.com/security/cve/CVE-2019-9818"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9818",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9818"
},
{
"cve": "CVE-2019-9819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9819"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9819",
"url": "https://www.suse.com/security/cve/CVE-2019-9819"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9819",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9819"
},
{
"cve": "CVE-2019-9820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9820"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9820",
"url": "https://www.suse.com/security/cve/CVE-2019-9820"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9820",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9820"
},
{
"cve": "CVE-2019-9821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9821"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9821",
"url": "https://www.suse.com/security/cve/CVE-2019-9821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9821",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9821"
}
]
}
OPENSUSE-SU-2019:1664-1
Vulnerability from csaf_opensuse - Published: 2019-06-28 08:42 - Updated: 2019-06-28 08:42Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird was updated to 60.7.2 / MFSA 2019-20 (boo#1138872):
* CVE-2019-11707: Type confusion in Array.pop
* CVE-2019-11708: sandbox escape using Prompt:Open
Mozilla Thunderbird was updated to 60.7.1 / MFSA 2019-17 (boo#1137595):
* CVE-2019-11703: Heap buffer overflow in icalparser.c
* CVE-2019-11704: Heap buffer overflow in icalvalue.c
* CVE-2019-11705: Stack buffer overflow in icalrecur.c
* CVE-2019-11706: Type confusion in icalproperty.c
Also fixed: No prompt for smartcard PIN when S/MIME signing is used
Mozilla Thunderbird was updated to 60.7.0 / MFSA 2019-15 (boo#1135824):
* Attachment pane of Write window no longer focussed when attaching
files using a keyboard shortcut
* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816: Type confusion with object groups and UnboxedObjects
* CVE-2019-9817: Stealing of cross-domain images using canvas
* CVE-2019-9818 (Windows only): Use-after-free in crash generation server
* CVE-2019-9819: Compartment mismatch with fetch API
* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-11691: Use-after-free in XMLHttpRequest
* CVE-2019-11692: Use-after-free removing listeners in the event listener manager
* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317: Use-after-free in png_image_free of libpng library
* CVE-2019-9797: Cross-origin theft of images with createImageBitmap
* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-5798: Out-of-bounds read in Skia
* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- Disable building with LTO (boo#1133267).
Patchnames: openSUSE-2019-1664
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
10 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
83 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird was updated to 60.7.2 / MFSA 2019-20 (boo#1138872):\n * CVE-2019-11707: Type confusion in Array.pop\n * CVE-2019-11708: sandbox escape using Prompt:Open\n\nMozilla Thunderbird was updated to 60.7.1 / MFSA 2019-17 (boo#1137595):\n* CVE-2019-11703: Heap buffer overflow in icalparser.c\n* CVE-2019-11704: Heap buffer overflow in icalvalue.c\n* CVE-2019-11705: Stack buffer overflow in icalrecur.c\n* CVE-2019-11706: Type confusion in icalproperty.c\n\nAlso fixed: No prompt for smartcard PIN when S/MIME signing is used\n\nMozilla Thunderbird was updated to 60.7.0 / MFSA 2019-15 (boo#1135824):\n\n* Attachment pane of Write window no longer focussed when attaching\n files using a keyboard shortcut\n\n* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n* CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n* CVE-2019-9817: Stealing of cross-domain images using canvas\n* CVE-2019-9818 (Windows only): Use-after-free in crash generation server\n* CVE-2019-9819: Compartment mismatch with fetch API\n* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n* CVE-2019-11691: Use-after-free in XMLHttpRequest\n* CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n* CVE-2019-7317: Use-after-free in png_image_free of libpng library\n* CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n* CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n* CVE-2019-5798: Out-of-bounds read in Skia\n* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\n- Disable building with LTO (boo#1133267).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1664",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1664-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1664-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1664-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67"
},
{
"category": "self",
"summary": "SUSE Bug 1130694",
"url": "https://bugzilla.suse.com/1130694"
},
{
"category": "self",
"summary": "SUSE Bug 1133267",
"url": "https://bugzilla.suse.com/1133267"
},
{
"category": "self",
"summary": "SUSE Bug 1135824",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "self",
"summary": "SUSE Bug 1137595",
"url": "https://bugzilla.suse.com/1137595"
},
{
"category": "self",
"summary": "SUSE Bug 1138872",
"url": "https://bugzilla.suse.com/1138872"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18511 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11692 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11703 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11704 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11705 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11706 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11707 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11708 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9817 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9819 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9820 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9820/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2019-06-28T08:42:30Z",
"generator": {
"date": "2019-06-28T08:42:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1664-1",
"initial_release_date": "2019-06-28T08:42:30Z",
"revision_history": [
{
"date": "2019-06-28T08:42:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.7.2-85.1.x86_64",
"product": {
"name": "MozillaThunderbird-60.7.2-85.1.x86_64",
"product_id": "MozillaThunderbird-60.7.2-85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.7.2-85.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.7.2-85.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.7.2-85.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.7.2-85.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64"
},
"product_reference": "MozillaThunderbird-60.7.2-85.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.7.2-85.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.7.2-85.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.7.2-85.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18511"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18511",
"url": "https://www.suse.com/security/cve/CVE-2018-18511"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125396"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-18511"
},
{
"cve": "CVE-2019-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11691"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11691",
"url": "https://www.suse.com/security/cve/CVE-2019-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11691",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-11691"
},
{
"cve": "CVE-2019-11692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11692"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11692",
"url": "https://www.suse.com/security/cve/CVE-2019-11692"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11692",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-11692"
},
{
"cve": "CVE-2019-11693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11693"
}
],
"notes": [
{
"category": "general",
"text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11693",
"url": "https://www.suse.com/security/cve/CVE-2019-11693"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11693",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-11693"
},
{
"cve": "CVE-2019-11694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11694"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11694",
"url": "https://www.suse.com/security/cve/CVE-2019-11694"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11694",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-11694"
},
{
"cve": "CVE-2019-11698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11698"
}
],
"notes": [
{
"category": "general",
"text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11698",
"url": "https://www.suse.com/security/cve/CVE-2019-11698"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11698",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-11698"
},
{
"cve": "CVE-2019-11703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11703"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11703",
"url": "https://www.suse.com/security/cve/CVE-2019-11703"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11703",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-11703"
},
{
"cve": "CVE-2019-11704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11704"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11704",
"url": "https://www.suse.com/security/cve/CVE-2019-11704"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11704",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-11704"
},
{
"cve": "CVE-2019-11705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11705"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11705",
"url": "https://www.suse.com/security/cve/CVE-2019-11705"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11705",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-11705"
},
{
"cve": "CVE-2019-11706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11706"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11706",
"url": "https://www.suse.com/security/cve/CVE-2019-11706"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11706",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-11706"
},
{
"cve": "CVE-2019-11707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11707"
}
],
"notes": [
{
"category": "general",
"text": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 60.7.1, Firefox \u003c 67.0.3, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11707",
"url": "https://www.suse.com/security/cve/CVE-2019-11707"
},
{
"category": "external",
"summary": "SUSE Bug 1138614 for CVE-2019-11707",
"url": "https://bugzilla.suse.com/1138614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-11707"
},
{
"cve": "CVE-2019-11708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11708"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user\u0027s computer. This vulnerability affects Firefox ESR \u003c 60.7.2, Firefox \u003c 67.0.4, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11708",
"url": "https://www.suse.com/security/cve/CVE-2019-11708"
},
{
"category": "external",
"summary": "SUSE Bug 1138872 for CVE-2019-11708",
"url": "https://bugzilla.suse.com/1138872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "critical"
}
],
"title": "CVE-2019-11708"
},
{
"cve": "CVE-2019-5798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5798"
}
],
"notes": [
{
"category": "general",
"text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5798",
"url": "https://www.suse.com/security/cve/CVE-2019-5798"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-5798"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
},
{
"cve": "CVE-2019-9797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9797"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9797",
"url": "https://www.suse.com/security/cve/CVE-2019-9797"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9797"
},
{
"cve": "CVE-2019-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9800",
"url": "https://www.suse.com/security/cve/CVE-2019-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9800",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9800"
},
{
"cve": "CVE-2019-9815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9815"
}
],
"notes": [
{
"category": "general",
"text": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9815",
"url": "https://www.suse.com/security/cve/CVE-2019-9815"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9815",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9815"
},
{
"cve": "CVE-2019-9816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9816"
}
],
"notes": [
{
"category": "general",
"text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9816",
"url": "https://www.suse.com/security/cve/CVE-2019-9816"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9816",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9816"
},
{
"cve": "CVE-2019-9817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9817"
}
],
"notes": [
{
"category": "general",
"text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9817",
"url": "https://www.suse.com/security/cve/CVE-2019-9817"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9817",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9817"
},
{
"cve": "CVE-2019-9818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9818"
}
],
"notes": [
{
"category": "general",
"text": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9818",
"url": "https://www.suse.com/security/cve/CVE-2019-9818"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9818",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9818"
},
{
"cve": "CVE-2019-9819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9819"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9819",
"url": "https://www.suse.com/security/cve/CVE-2019-9819"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9819",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9819"
},
{
"cve": "CVE-2019-9820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9820"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9820",
"url": "https://www.suse.com/security/cve/CVE-2019-9820"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9820",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.7.2-85.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.7.2-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-28T08:42:30Z",
"details": "important"
}
],
"title": "CVE-2019-9820"
}
]
}
OPENSUSE-SU-2019:1912-1
Vulnerability from csaf_opensuse - Published: 2019-08-15 09:47 - Updated: 2019-08-15 09:47Summary
Security update for java-1_8_0-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-1_8_0-openjdk
Description of the patch: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues:
Security issues fixed:
- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2842: Extended AES support (bsc#1141786).
- CVE-2019-7317: Improve PNG support (bsc#1141780).
- Certificate validation improvements
Non-security issue fixed:
- Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1912
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_8_0-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-1_8_0-openjdk to version 8u222 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n- CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n- CVE-2019-2766: Improve file protocol handling (bsc#1141789).\n- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n- CVE-2019-2786: More limited privilege usage (bsc#1141787).\n- CVE-2019-2816: Normalize normalization (bsc#1141785).\n- CVE-2019-2842: Extended AES support (bsc#1141786).\n- CVE-2019-7317: Improve PNG support (bsc#1141780).\n- Certificate validation improvements\n\nNon-security issue fixed:\n\n- Fixed an issue where the installation failed when the manpages are not present (bsc#1115375)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1912",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1912-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1912-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLAA33SFC2BQWUMXROFQCWU3SJN2HD7O/#WLAA33SFC2BQWUMXROFQCWU3SJN2HD7O"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1912-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLAA33SFC2BQWUMXROFQCWU3SJN2HD7O/#WLAA33SFC2BQWUMXROFQCWU3SJN2HD7O"
},
{
"category": "self",
"summary": "SUSE Bug 1115375",
"url": "https://bugzilla.suse.com/1115375"
},
{
"category": "self",
"summary": "SUSE Bug 1141780",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "self",
"summary": "SUSE Bug 1141782",
"url": "https://bugzilla.suse.com/1141782"
},
{
"category": "self",
"summary": "SUSE Bug 1141783",
"url": "https://bugzilla.suse.com/1141783"
},
{
"category": "self",
"summary": "SUSE Bug 1141784",
"url": "https://bugzilla.suse.com/1141784"
},
{
"category": "self",
"summary": "SUSE Bug 1141785",
"url": "https://bugzilla.suse.com/1141785"
},
{
"category": "self",
"summary": "SUSE Bug 1141786",
"url": "https://bugzilla.suse.com/1141786"
},
{
"category": "self",
"summary": "SUSE Bug 1141787",
"url": "https://bugzilla.suse.com/1141787"
},
{
"category": "self",
"summary": "SUSE Bug 1141789",
"url": "https://bugzilla.suse.com/1141789"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2745 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2762 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2766 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2769 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2786 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2842 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
}
],
"title": "Security update for java-1_8_0-openjdk",
"tracking": {
"current_release_date": "2019-08-15T09:47:11Z",
"generator": {
"date": "2019-08-15T09:47:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1912-1",
"initial_release_date": "2019-08-15T09:47:11Z",
"revision_history": [
{
"date": "2019-08-15T09:47:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"product_id": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"product": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"product_id": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"product_id": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-2745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2745"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2745",
"url": "https://www.suse.com/security/cve/CVE-2019-2745"
},
{
"category": "external",
"summary": "SUSE Bug 1141784 for CVE-2019-2745",
"url": "https://bugzilla.suse.com/1141784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2745"
},
{
"cve": "CVE-2019-2762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2762"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2762",
"url": "https://www.suse.com/security/cve/CVE-2019-2762"
},
{
"category": "external",
"summary": "SUSE Bug 1141782 for CVE-2019-2762",
"url": "https://bugzilla.suse.com/1141782"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2762",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2762"
},
{
"cve": "CVE-2019-2766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2766"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2766",
"url": "https://www.suse.com/security/cve/CVE-2019-2766"
},
{
"category": "external",
"summary": "SUSE Bug 1141789 for CVE-2019-2766",
"url": "https://bugzilla.suse.com/1141789"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2766",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2766"
},
{
"cve": "CVE-2019-2769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2769"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2769",
"url": "https://www.suse.com/security/cve/CVE-2019-2769"
},
{
"category": "external",
"summary": "SUSE Bug 1141783 for CVE-2019-2769",
"url": "https://bugzilla.suse.com/1141783"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2769",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2769"
},
{
"cve": "CVE-2019-2786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2786"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2786",
"url": "https://www.suse.com/security/cve/CVE-2019-2786"
},
{
"category": "external",
"summary": "SUSE Bug 1141787 for CVE-2019-2786",
"url": "https://bugzilla.suse.com/1141787"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2786",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2786"
},
{
"cve": "CVE-2019-2816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2816"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2816",
"url": "https://www.suse.com/security/cve/CVE-2019-2816"
},
{
"category": "external",
"summary": "SUSE Bug 1141785 for CVE-2019-2816",
"url": "https://bugzilla.suse.com/1141785"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2816",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2816"
},
{
"cve": "CVE-2019-2842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2842"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2842",
"url": "https://www.suse.com/security/cve/CVE-2019-2842"
},
{
"category": "external",
"summary": "SUSE Bug 1141786 for CVE-2019-2842",
"url": "https://bugzilla.suse.com/1141786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-2842"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-accessibility-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-demo-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-devel-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-headless-1.8.0.222-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:java-1_8_0-openjdk-javadoc-1.8.0.222-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.i586",
"openSUSE Leap 15.1:java-1_8_0-openjdk-src-1.8.0.222-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:47:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
}
]
}
OPENSUSE-SU-2019:1916-1
Vulnerability from csaf_opensuse - Published: 2019-08-15 09:50 - Updated: 2019-08-15 09:50Summary
Security update for java-11-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-11-openjdk
Description of the patch: This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:
Security issues fixed:
- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-7317: Improve PNG support options (bsc#1141780).
- CVE-2019-2818: Better Poly1305 support (bsc#1141788).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2821: Improve TLS negotiation (bsc#1141781).
- Certificate validation improvements
Non-security issues fixed:
- Do not fail installation when the manpages are not present (bsc#1115375)
- Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if
there is whitespace after the header or footer (bsc#1140461)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1916
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-11-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).\n- CVE-2019-2762: Exceptional throw cases (bsc#1141782).\n- CVE-2019-2766: Improve file protocol handling (bsc#1141789).\n- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).\n- CVE-2019-2786: More limited privilege usage (bsc#1141787).\n- CVE-2019-7317: Improve PNG support options (bsc#1141780).\n- CVE-2019-2818: Better Poly1305 support (bsc#1141788).\n- CVE-2019-2816: Normalize normalization (bsc#1141785).\n- CVE-2019-2821: Improve TLS negotiation (bsc#1141781).\n- Certificate validation improvements\n\nNon-security issues fixed:\n\n- Do not fail installation when the manpages are not present (bsc#1115375)\n- Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if\n there is whitespace after the header or footer (bsc#1140461)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1916",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1916-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1916-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7CWQDHDFTQ5TMYECHR6T3YTCURIWVTNU/#7CWQDHDFTQ5TMYECHR6T3YTCURIWVTNU"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1916-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7CWQDHDFTQ5TMYECHR6T3YTCURIWVTNU/#7CWQDHDFTQ5TMYECHR6T3YTCURIWVTNU"
},
{
"category": "self",
"summary": "SUSE Bug 1115375",
"url": "https://bugzilla.suse.com/1115375"
},
{
"category": "self",
"summary": "SUSE Bug 1140461",
"url": "https://bugzilla.suse.com/1140461"
},
{
"category": "self",
"summary": "SUSE Bug 1141780",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "self",
"summary": "SUSE Bug 1141781",
"url": "https://bugzilla.suse.com/1141781"
},
{
"category": "self",
"summary": "SUSE Bug 1141782",
"url": "https://bugzilla.suse.com/1141782"
},
{
"category": "self",
"summary": "SUSE Bug 1141783",
"url": "https://bugzilla.suse.com/1141783"
},
{
"category": "self",
"summary": "SUSE Bug 1141784",
"url": "https://bugzilla.suse.com/1141784"
},
{
"category": "self",
"summary": "SUSE Bug 1141785",
"url": "https://bugzilla.suse.com/1141785"
},
{
"category": "self",
"summary": "SUSE Bug 1141787",
"url": "https://bugzilla.suse.com/1141787"
},
{
"category": "self",
"summary": "SUSE Bug 1141788",
"url": "https://bugzilla.suse.com/1141788"
},
{
"category": "self",
"summary": "SUSE Bug 1141789",
"url": "https://bugzilla.suse.com/1141789"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2745 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2762 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2766 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2769 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2786 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2821 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
}
],
"title": "Security update for java-11-openjdk",
"tracking": {
"current_release_date": "2019-08-15T09:50:51Z",
"generator": {
"date": "2019-08-15T09:50:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1916-1",
"initial_release_date": "2019-08-15T09:50:51Z",
"revision_history": [
{
"date": "2019-08-15T09:50:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"product": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"product_id": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"product": {
"name": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"product_id": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"product": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"product_id": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch"
},
"product_reference": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch"
},
"product_reference": "java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586"
},
"product_reference": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
},
"product_reference": "java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-2745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2745"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2745",
"url": "https://www.suse.com/security/cve/CVE-2019-2745"
},
{
"category": "external",
"summary": "SUSE Bug 1141784 for CVE-2019-2745",
"url": "https://bugzilla.suse.com/1141784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2745"
},
{
"cve": "CVE-2019-2762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2762"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2762",
"url": "https://www.suse.com/security/cve/CVE-2019-2762"
},
{
"category": "external",
"summary": "SUSE Bug 1141782 for CVE-2019-2762",
"url": "https://bugzilla.suse.com/1141782"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2762",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2762"
},
{
"cve": "CVE-2019-2766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2766"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2766",
"url": "https://www.suse.com/security/cve/CVE-2019-2766"
},
{
"category": "external",
"summary": "SUSE Bug 1141789 for CVE-2019-2766",
"url": "https://bugzilla.suse.com/1141789"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2766",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2766"
},
{
"cve": "CVE-2019-2769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2769"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2769",
"url": "https://www.suse.com/security/cve/CVE-2019-2769"
},
{
"category": "external",
"summary": "SUSE Bug 1141783 for CVE-2019-2769",
"url": "https://bugzilla.suse.com/1141783"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2769",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2769"
},
{
"cve": "CVE-2019-2786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2786"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2786",
"url": "https://www.suse.com/security/cve/CVE-2019-2786"
},
{
"category": "external",
"summary": "SUSE Bug 1141787 for CVE-2019-2786",
"url": "https://bugzilla.suse.com/1141787"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2786",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2786"
},
{
"cve": "CVE-2019-2816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2816"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2816",
"url": "https://www.suse.com/security/cve/CVE-2019-2816"
},
{
"category": "external",
"summary": "SUSE Bug 1141785 for CVE-2019-2816",
"url": "https://bugzilla.suse.com/1141785"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-2816",
"url": "https://bugzilla.suse.com/1147021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2816"
},
{
"cve": "CVE-2019-2818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2818"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2818",
"url": "https://www.suse.com/security/cve/CVE-2019-2818"
},
{
"category": "external",
"summary": "SUSE Bug 1141788 for CVE-2019-2818",
"url": "https://bugzilla.suse.com/1141788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2818"
},
{
"cve": "CVE-2019-2821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2821"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2821",
"url": "https://www.suse.com/security/cve/CVE-2019-2821"
},
{
"category": "external",
"summary": "SUSE Bug 1141781 for CVE-2019-2821",
"url": "https://bugzilla.suse.com/1141781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-2821"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.0:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-accessibility-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-demo-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-devel-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-headless-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-javadoc-11.0.4.0-lp151.3.6.1.noarch",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-jmods-11.0.4.0-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.i586",
"openSUSE Leap 15.1:java-11-openjdk-src-11.0.4.0-lp151.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:50:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…