-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3930
                  Security update for java-1_8_0-openjdk
                              9 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           java-1_8_0-openjdk
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14803 CVE-2020-14798 CVE-2020-14797
                   CVE-2020-14796 CVE-2020-14792 CVE-2020-14782
                   CVE-2020-14781 CVE-2020-14779 CVE-2020-14621
                   CVE-2020-14593 CVE-2020-14583 CVE-2020-14581
                   CVE-2020-14579 CVE-2020-14578 CVE-2020-14577
                   CVE-2020-14556  

Reference:         ASB-2020.0175
                   ASB-2020.0174
                   ESB-2020.3772
                   ESB-2020.3694.2
                   ESB-2020.3664
                   ESB-2020.3648

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20203191-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for java-1_8_0-openjdk

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:3191-1
Rating:            important
References:        #1171352 #1174157 #1177943
Cross-References:  CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579
                   CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621
                   CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792
                   CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud 8
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   SUSE Enterprise Storage 5
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

  o Fix regression "8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)",
    introduced in October 2020 CPU.


  o Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157,
    and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add
    TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of
    curves supported to be specified * Security fixes + JDK-8028431,
    CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) +
    JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
    sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613:
    Better ASCII conversions + JDK-8231800: Better listing of arrays +
    JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons +
    JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar
    services + JDK-8234042: Better factory production of certificates +
    JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve
    serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196:
    Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of
    Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior +
    JDK-8237592, CVE-2020-14577: Enhance certificate verification +
    JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995,
    CVE-2020-14782: Enhance certificate processing + JDK-8238002,
    CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key
    handling process + JDK-8238842: AIOOBE in
    GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing +
    JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance
    WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine
    Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved
    WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling +
    JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar
    headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling
    + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685,
    CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798:
    Enhanced buffer support + JDK-8243302: Advanced class supports +
    JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479:
    Further constrain certificates + JDK-8244955: Additional Fix for
    JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better
    class definitions + JDK-8245417: Improve certificate chain handling +
    JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of
    jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding *
    Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html
    tags parsing + JDK-8003209: JFR events for network utilization +
    JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633:
    TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on
    windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056:
    Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused
    by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test
    java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to "Connection
    succeeded" + JDK-8165675: Trace event for thread park has incorrect unit
    for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910:
    Problemlist sample tests + JDK-8183925: Decouple crash protection from
    watcher thread + JDK-8191393: Random crashes during cfree+0x1c +
    JDK-8195817: JFR.stop should require name of recording + JDK-8195818:
    JFR.start should increase autogenerated name by one + JDK-8195819: Remove
    recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder +
    JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/
    event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero
    fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR:
    Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start
    failure after AppCDS archive created with JFR StartFlightRecording +
    JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 +
    JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool +
    JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829:
    FlightRecorderMXBeanImpl is leaking the first classloader which calls it +
    JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls
    virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window
    System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without
    JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for
    the configuration of the cutoff for old object sample events + JDK-8213015:
    Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions +
    JDK-8213421: Line number information for execution samples always 0 +
    JDK-8213617: JFR should record the PID of the recorded process +
    JDK-8213734: SAXParser.parse(File, ..) does not close resources when
    Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not
    covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered
    by test + JDK-8213966: The ZGC JFR events should be marked as experimental
    + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug
    builds + JDK-8214750: Unnecessary

    tags in jfr classes + JDK-8214896: JFR Tool left files behind +
    JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with
    UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute +
    JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237:
    jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise
    induced by periodic task getFileSize() + JDK-8215355: Object monitor
    deadlock with no threads holding the monitor (using jemalloc 5.1) +
    JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The
    jfr tool should pretty print reference chains + JDK-8216064:
    -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486:
    Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528:
    test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /
    RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR]
    Native libraries not correctly parsed from /proc/self/maps + JDK-8216578:
    Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR
    command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent
    fails on some systems due to process surviving SIGINT + JDK-8217748:
    [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent +
    JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR
    Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add
    JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change
    Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support +
    JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant +
    JDK-8224475: JTextPane does not show images in HTML rendering +
    JDK-8226253: JAWS reports wrong number of radio buttons when buttons are
    hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent +
    JDK-8226892: ActionListeners on JRadioButtons don't get notified when
    selection is changed with arrow keys + JDK-8227011: Starting a JFR
    recording in response to JVMTI VMInit and / or Java agent premain corrupts
    memory + JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() &
    (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed:
    invariant" + JDK-8229366: JFR backport allows unchecked writing to memory +
    JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport
    code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator +
    JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows +
    JDK-8230707: JFR related tests are failing + JDK-8230782:
    Robot.createScreenCapture() fails if "awt.robot.gtk" is set to false +
    JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses
    ReleaseStringUTFChars in early return + JDK-8230947:
    TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995:
    two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath
    exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002:
    CSR for JFR backport suggests not leaving out the package-info +
    JDK-8236008: Some backup files were accidentally left in the hotspot tree +
    JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since
    tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport +
    JDK-8238452: Keytool generates wrong expiration date if validity is set to
    2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when
    there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code
    cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during
    compilation in 8u + JDK-8239055: Wrong implementation of
    VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by
    moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing +
    JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable
    JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm
    not initialized if compressed class pointers are disabled + JDK-8241902:
    AIX Build broken after integration of JDK-8223147 (JFR Backport) +
    JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK
    8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster
    with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st
    annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926:
    [macosx] Two apostrophes are entered instead of one with "U.S.
    International - PC" layout + JDK-8240576: JVM crashes after transformation
    in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete
    backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262
    build 03 + JDK-8037866: Replace the Fun class in tests with lambdas +
    JDK-8146612: C2: Precedence edges specification violated + JDK-8150986:
    serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because
    expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs)
    Updating an existing zip file does not preserve original permissions +
    JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769:
    BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return +
    JDK-8233880, PR3798: Support compilers with multi-digit major version
    numbers + JDK-8239852: java/util/concurrent tests fail with
    -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:

verification should have failed + JDK-8241638: launcher time metrics always
report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when
- --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three
tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 +
JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result *
Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor
(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero
when unit == null + JDK-8148886: SEGV in
sun.java2d.marlin.Renderer._endRendering + JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize
OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/
ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be
updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant
hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/
apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in
agentvm mode + JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with
precision higher than milliseconds + JDK-8227269: Slow class loading when
running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy +
JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel
antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 +
JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails *
Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after
JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert
JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for
correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to
tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC +
JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262
build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove
DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove
Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262
build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import
of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary
localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265
build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool
behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 *
Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please
JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame
capability must instruct compilers not to prune locals + JDK-8036088: Replace
strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c +
JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/
BadSerializationTest.java fails + JDK-8075774: Small readability and
performance improvements for zipfs + JDK-8132206: move ScanTest.java into
OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access
to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/
ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /
appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh +
JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /
MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException
from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out
intermittently + JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make
OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests
rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap
buffer overflow when seaching timezone info files + JDK-8166148: Fix for
JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm
should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound +
JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/
bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO +
JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351:
Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/
BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an
empty script file + JDK-8194298: Add support for per Socket configuration of
TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java
throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java
fails + JDK-8210147: adjust some WSAGetLastError usages in windows network
coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor
versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 +
JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647:
JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which
need the @key headful keyword are missing it. + JDK-8229378: jdwp library
loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB
hangs when running monitor command + JDK-8230711:
ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to missing narrowing
conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/
MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails
with "malformed control flow" + JDK-8238225: Issues reported after replacing
symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385:
KerberosTicket client name refers wrongly to sAMAccountName in AD +
JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295:
hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror
jdk.security.allowNonCaAnchor system property with a security one +
JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash +
JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under
certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving
application window to external monitor + JDK-8246310: Clean commented-out code
about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default
on supported architectures for October 2020 release + JDK-8248643: Remove extra
leading space in JDK-8240295 8u backport + JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys) method public *
Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution
reports different class name in detail message for the first and subsequent
times + JDK-8025886: replace [[ and == bash extensions in regtest +
JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933:
- -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG]
Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails +
JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an
equivalent + JDK-8154313: Generated javadoc scattered all over the place +
JDK-8163251: Hard coded loop limit prevents reading of smart card data greater
than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails
with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled +
JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/
CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add
keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems
with AES-GCM native acceleration + JDK-8211049: Second parameter of
"initialize" method is not used + JDK-8219566: JFR did not collect call stacks
when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM
results in RuntimeException- input length out of bound + JDK-8220555: JFR tool
shows potentially misleading message when it cannot access a file +
JDK-8224217: RecordingInfo should use textual representation of path +
JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate +
JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c "multiple
definition" link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/
native/libsctp/ /SctpNet.c "multiple definition" link errors with GCC10 +
JDK-8238388, PR3798: libj2gss/NativeFunc.o "multiple definition" link errors
with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null
params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio
/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 +
JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph shape +
JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error :
revokeall.exe: Permission denied + JDK-8203357: Container Metrics +
JDK-8209113: Use WeakReference for lastFontStrike for created Fonts +
JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569:
JFR tool produces incorrect output when both --categories and --events are
specified + JDK-8233097: Fontmetrics for large Fonts has zero width +
JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616:
HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags
of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario
2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 +
JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK
11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls
extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add
PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely
long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /
LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077:
(cal) Calendar.roll does not always roll the hours during daylight savings +
JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX
version of Java_java_io_Console_echo does not return a clean boolean +
JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container
only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to
JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible
handling of XML messages + JDK-8240676: Meet not symmetric failure when running
lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA
program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial
phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java
container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and
Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8
u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release
builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40
support + JDK-8160768: Add capability to custom resolve host/domain names
within the default JNDI LDAP provider + JDK-8161973:
PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925,
PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762:
ZapStackSegments should use optimized memset + JDK-8193234: When using
- -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub
name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base
image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to
initialize fields decode_env constructor in disassembler.cpp + JDK-8225695:
32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11
v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container
aware + JDK-8226809: Circular reference in printed stack trace is not correctly
indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using
AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name +
JDK-8238898, PR3801: Missing hash characters for header on license file +
JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151:
Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467:
Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol
implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471:
Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473:
OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support
according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the
ClientHello message by default + JDK-8245477: Adjust TLS tests location +
JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test
from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and
P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is
set to either true or false + JDK-8251341: Minimal Java specification change +
JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8
u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ *
Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to
correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/
LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is
incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport *
Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/
TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 +
JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for
JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports +
JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806:
ArrayIndexOutOfBoundsException when JTable contains certain string +
JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence,
CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several
client tests unaffected by the automated bulk update + JDK-8144015, PR3806:
[PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure
of text measurements in javax/swing/text/html/parser/Parser/6836089/
bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/
swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The
case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException
exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and
comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use
preprocessor instead of compiling a program to generate native nio constants +
JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour +
JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806:
[PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/
bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /
GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG]
javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed +
JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806:
Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801:
PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177,
PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix
format-overflow error on GCC 10, caused by passing NULL to a '%s' directive +
PR3795: ECDSAUtils for XML digital signatures should support the same curve set
as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468:
Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not
install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that
JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to
install JFR files when JFR is disabled * Shenandoah + [backport] 8221435:
Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah:
Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate
all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots +
[backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family +
[backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support
scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update
thread roots in final mark for piggyback ref update cycle + [backport] 8224579:
ResourceMark not declared in shenandoahRootProcessor.inline.hpp with
- --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751:
Shenandoah: Shenandoah Verifier should select proper roots according to current
GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't
work for Shenandoah + [backport] 8225573: Shenandoah: Enhance
ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590:
Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413:
Shenandoah: Separate root scanner for SH::object_iterate() + [backport]
8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts +
[backport] 8231198: Shenandoah: heap walking should visit all roots most of the
time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak
roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with
JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics +
[backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata +
[backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport]
8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah:
remove leftover files and mentions of ShenandoahAllocTracker + [backport]
8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport]
8240872: Shenandoah: Avoid updating new regions from start of evacuation +
[backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport]
8240915: Shenandoah: Remove unused fields in init mark tasks + [backport]
8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 +
[backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority
support + [backport] 8241062: Shenandoah: rich asserts trigger "empty
statement" inspection + [backport] 8241081: Shenandoah: Do not modify
update-watermark concurrently + [backport] 8241093: Shenandoah: editorial
changes in flag descriptions + [backport] 8241139: Shenandoah: distribute
mark-compact work exactly to minimize fragmentation + [backport] 8241142:
Shenandoah: should not use parallel reference processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport]
8241435: Shenandoah: avoid disabling pacing with "aggressive" + [backport]
8241520: Shenandoah: simplify region sequence numbers handling + [backport]
8241534: Shenandoah: region status should include update watermark + [backport]
8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport]
8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668:
Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace +
[backport] 8241673: Shenandoah: refactor anti-false-sharing padding +
[backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java +
[backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved +
[backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into
ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove
ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and
inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline
MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash
cset during final mark + [backport] 8241841: Shenandoah: ditch one of
allocation type counters in ShenandoahHeapRegion + [backport] 8241842:
Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844:
Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845:
Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926:
Shenandoah: only print heap changes for operations that directly affect it +
[backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985:
Shenandoah: simplify collectable garbage logging + [backport] 8242040:
Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah:
adaptive heuristics should account evac reserve in free target + [backport]
8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054:
Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah:
rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge
Traversal mode + [backport] 8242083: Shenandoah: split "Prepare Evacuation"
tracking into cset/freeset counters + [backport] 8242089: Shenandoah:
per-worker stats should be summed up, not averaged + [backport] 8242101:
Shenandoah: coalesce and parallelise heap region walks during the pauses +
[backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130:
Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211:
Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc +
[backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data
eagerly + [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable
GC mode to be diagnostic/experimental and have a name + [backport] 8242227:
Shenandoah: transit regions to cset state when adding to collection set +
[backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods +
[backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related
methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by
os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to
verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or
IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime
call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB
slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region
liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of
jushort for liveness cache + [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641:
Shenandoah: clear live data and update TAMS optimistically + [backport]
8243238: Shenandoah: explicit GC request should wait for a complete GC cycle +
[backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport]
8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395:
Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end +
[backport] 8243463: Shenandoah: ditch total_pause counters + [backport]
8243464: Shenandoah: print statistic counters in time order + [backport]
8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport]
8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494:
Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah:
rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows
build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build
breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle
statistics contain worker data from previous cycles + [backport] 8244326:
Shenandoah: global statistics should not accept bogus samples + [backport]
8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods +
[backport] 8244551: Shenandoah: Fix racy update of update_watermark +
[backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong
control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /
TestHeuristicsUnlock.java should only verify the heuristics + [backport]
8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics +
[backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode +
[backport] 8244739: Shenandoah: break superclass dependency on
ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename
ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah:
refine mode name()-s + [backport] 8245463: Shenandoah: refine
ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah:
allocate collection set bitmap at lower addresses + [backport] 8245465:
Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726:
Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport]
8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757:
Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits +
[backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 +
[backport] 8245812: Shenandoah: compute root phase parallelism + [backport]
8245814: Shenandoah: reconsider format specifiers for stats + [backport]
8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots +
[backport] 8246162: Shenandoah: full GC does not mark code roots when class
unloading is off + [backport] 8247310: Shenandoah: pacer should not affect
interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice
for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead
of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning
after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root
locks all the time + [backport] 8247593: Shenandoah: should not block pacing
reporters + [backport] 8247751: Shenandoah: options tests should run with
smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter +
[backport] 8247757: Shenandoah: split heavy tests by heuristics to improve
parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich
assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root
updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer
handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix
racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle
pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC
cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should
account for corner cases + Fix slowdebug build after JDK-8230853 backport +
JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR +
JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah:
add JFR roots to root processor after JFR integration + Shenandoah: add root
statistics for string dedup table/queues + Shenandoah: enable low-frequency STW
class unloading + Shenandoah: fix build failures after JDK-8244737 backport +
Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer
claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask +
Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to
PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared
before Full GC mark + Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their
proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ +
Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly
deallocates class loader metadata + Shenandoah: specialize String Table scans
for better pause performance + Shenandoah: Zero build fails after recent Atomic
cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/
uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/
Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797:
[AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797:
[AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for
unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/
SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797:
AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/
TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check
for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack
locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add
necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64:
aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with
+JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags
for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier
in fast_storefield and fast_accessfield

  o Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#
    1171352)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3191=1
  o SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3191=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3191=1
  o SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3191=1
  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3191=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3191=1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3191=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3191=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3191=1
  o SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-3191=1
  o HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-3191=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE OpenStack Cloud Crowbar 8 (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE OpenStack Cloud 9 (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE OpenStack Cloud 8 (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE OpenStack Cloud 7 (s390x x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o SUSE Enterprise Storage 5 (aarch64 x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1
  o HPE Helion Openstack 8 (x86_64):
       java-1_8_0-openjdk-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-debugsource-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-1.8.0.272-27.48.1
       java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-1.8.0.272-27.48.1
       java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-27.48.1


References:

  o https://www.suse.com/security/cve/CVE-2020-14556.html
  o https://www.suse.com/security/cve/CVE-2020-14577.html
  o https://www.suse.com/security/cve/CVE-2020-14578.html
  o https://www.suse.com/security/cve/CVE-2020-14579.html
  o https://www.suse.com/security/cve/CVE-2020-14581.html
  o https://www.suse.com/security/cve/CVE-2020-14583.html
  o https://www.suse.com/security/cve/CVE-2020-14593.html
  o https://www.suse.com/security/cve/CVE-2020-14621.html
  o https://www.suse.com/security/cve/CVE-2020-14779.html
  o https://www.suse.com/security/cve/CVE-2020-14781.html
  o https://www.suse.com/security/cve/CVE-2020-14782.html
  o https://www.suse.com/security/cve/CVE-2020-14792.html
  o https://www.suse.com/security/cve/CVE-2020-14796.html
  o https://www.suse.com/security/cve/CVE-2020-14797.html
  o https://www.suse.com/security/cve/CVE-2020-14798.html
  o https://www.suse.com/security/cve/CVE-2020-14803.html
  o https://bugzilla.suse.com/1171352
  o https://bugzilla.suse.com/1174157
  o https://bugzilla.suse.com/1177943

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX6i6meNLKJtyKPYoAQjqEQ/8C/BmcKfFe5CgdeqZAegvC3UycJHG0kYp
CjOFCxbvdz9xXJTAM5yUyB2sx+5rMbAaEZgvOf3m6ZLd90Sl06sltzX6wLApzp6y
IXJXAsCxHShiG1XSIqplnRxxqFeaskhPaQolTnkMy0Mm7XmcCsfT90Imr1eYFETM
8gciSZI81YmFrmX5YMKTBxUmzAzAK2F96tY3kwn4elNXptimRy2pTaau+BO/p2GG
s6TeOwo+GbpGFS0TL7mzrwvPUWtTRfXJADpBSXazuKbkjHZd8Tke6rws8rDQGJo5
TwoZ0dF7XoXK8dVfnLi5TMAQ6AwiiIv7fPqIdTQT9L97Zmk3it6L62dNvIoXtxKT
is5YybnJKnD/3bczubafyvzTmAVcG97wDk7DpvbNyLV4uLp9d0jCCsKyCl65DwUH
huZB/GnCL4EdNm2Bj453OvdX62Lj2xmYd4kNfTeOLsfF0ieUiicM1GdH67meNquu
X7De2cCZL3d4dO/VGI/ZAYQv3XR6+owHwqCKcvIf8sZco47im0RtztlEMx8Cq7oL
KdMpuL4iylZWqIcWYNVcgrYgGjuFrCitQmyqcQAKCDQSYgxIPFSvWyvmkidTw4Es
l4EZThosBh57KzuuXEQJ8QJo0g1l82TcdfG/+TWaJeobGfz7yb3YCA6a5axxe0xn
vH2QwU73BP0=
=Uick
-----END PGP SIGNATURE-----