Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2017:2175-1: important: Security update for java-1_8_0-openjdk

Recommended Posts

SUSE Security Update: Security update for java-1_8_0-openjdk

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2017:2175-1

Rating: important

References: #1049302 #1049305 #1049306 #1049307 #1049308

#1049309 #1049310 #1049311 #1049312 #1049313

#1049314 #1049315 #1049316 #1049317 #1049318

#1049319 #1049320 #1049321 #1049322 #1049323

#1049324 #1049325 #1049326 #1049327 #1049328

#1049329 #1049330 #1049331 #1049332

Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074

CVE-2017-10078 CVE-2017-10081 CVE-2017-10086

CVE-2017-10087 CVE-2017-10089 CVE-2017-10090

CVE-2017-10096 CVE-2017-10101 CVE-2017-10102

CVE-2017-10105 CVE-2017-10107 CVE-2017-10108

CVE-2017-10109 CVE-2017-10110 CVE-2017-10111

CVE-2017-10114 CVE-2017-10115 CVE-2017-10116

CVE-2017-10118 CVE-2017-10125 CVE-2017-10135

CVE-2017-10176 CVE-2017-10193 CVE-2017-10198

CVE-2017-10243

Affected Products:

SUSE OpenStack Cloud 6

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Desktop 12-SP3

SUSE Linux Enterprise Desktop 12-SP2

______________________________________________________________________________

 

An update that solves 28 vulnerabilities and has one errata

is now available.

 

Description:

 

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes

the following issues:

 

Security issues fixed:

- CVE-2017-10053: Improved image post-processing steps (bsc#1049305)

- CVE-2017-10067: Additional jar validation steps (bsc#1049306)

- CVE-2017-10074: Image conversion improvements (bsc#1049307)

- CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)

- CVE-2017-10081: Right parenthesis issue (bsc#1049309)

- CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX

(bsc#1049310)

- CVE-2017-10087: Better Thread Pool execution (bsc#1049311)

- CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)

- CVE-2017-10090: Better handling of channel groups (bsc#1049313)

- CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)

- CVE-2017-10101: Better reading of text catalogs (bsc#1049315)

- CVE-2017-10102: Improved garbage collection (bsc#1049316)

- CVE-2017-10105: Unspecified vulnerability in subcomponent deployment

(bsc#1049317)

- CVE-2017-10107: Less Active Activations (bsc#1049318)

- CVE-2017-10108: Better naming attribution (bsc#1049319)

- CVE-2017-10109: Better sourcing of code (bsc#1049320)

- CVE-2017-10110: Better image fetching (bsc#1049321)

- CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)

- CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX

(bsc#1049323)

- CVE-2017-10115: Higher quality DSA operations (bsc#1049324)

- CVE-2017-10116: Proper directory lookup processing (bsc#1049325)

- CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)

- CVE-2017-10125: Unspecified vulnerability in subcomponent deployment

(bsc#1049327)

- CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)

- CVE-2017-10176: Additional elliptic curve support (bsc#1049329)

- CVE-2017-10193: Improve algorithm constraints implementation

(bsc#1049330)

- CVE-2017-10198: Clear certificate chain connections (bsc#1049331)

- CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS

(bsc#1049332)

 

Bug fixes:

- Check registry registration location

- Improved certificate processing

- JMX diagnostic improvements

- Update to libpng 1.6.28

- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

 

New features:

- Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11

provider

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE OpenStack Cloud 6:

 

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1

 

- SUSE Linux Enterprise Server for SAP 12-SP1:

 

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1

 

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

 

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1

 

- SUSE Linux Enterprise Server 12-SP3:

 

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1

 

- SUSE Linux Enterprise Server 12-SP2:

 

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1

 

- SUSE Linux Enterprise Server 12-SP1-LTSS:

 

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1

 

- SUSE Linux Enterprise Desktop 12-SP3:

 

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1

 

- SUSE Linux Enterprise Desktop 12-SP2:

 

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE OpenStack Cloud 6 (x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-1.8.0.144-27.5.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-devel-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

 

java-1_8_0-openjdk-1.8.0.144-27.5.3

java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3

java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-1.8.0.144-27.5.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

 

 

References:

 

https://www.suse.com/security/cve/CVE-2017-10053.html

https://www.suse.com/security/cve/CVE-2017-10067.html

https://www.suse.com/security/cve/CVE-2017-10074.html

https://www.suse.com/security/cve/CVE-2017-10078.html

https://www.suse.com/security/cve/CVE-2017-10081.html

https://www.suse.com/security/cve/CVE-2017-10086.html

https://www.suse.com/security/cve/CVE-2017-10087.html

https://www.suse.com/security/cve/CVE-2017-10089.html

https://www.suse.com/security/cve/CVE-2017-10090.html

https://www.suse.com/security/cve/CVE-2017-10096.html

https://www.suse.com/security/cve/CVE-2017-10101.html

https://www.suse.com/security/cve/CVE-2017-10102.html

https://www.suse.com/security/cve/CVE-2017-10105.html

https://www.suse.com/security/cve/CVE-2017-10107.html

https://www.suse.com/security/cve/CVE-2017-10108.html

https://www.suse.com/security/cve/CVE-2017-10109.html

https://www.suse.com/security/cve/CVE-2017-10110.html

https://www.suse.com/security/cve/CVE-2017-10111.html

https://www.suse.com/security/cve/CVE-2017-10114.html

https://www.suse.com/security/cve/CVE-2017-10115.html

https://www.suse.com/security/cve/CVE-2017-10116.html

https://www.suse.com/security/cve/CVE-2017-10118.html

https://www.suse.com/security/cve/CVE-2017-10125.html

https://www.suse.com/security/cve/CVE-2017-10135.html

https://www.suse.com/security/cve/CVE-2017-10176.html

https://www.suse.com/security/cve/CVE-2017-10193.html

https://www.suse.com/security/cve/CVE-2017-10198.html

https://www.suse.com/security/cve/CVE-2017-10243.html

https://bugzilla.suse.com/1049302

https://bugzilla.suse.com/1049305

https://bugzilla.suse.com/1049306

https://bugzilla.suse.com/1049307

https://bugzilla.suse.com/1049308

https://bugzilla.suse.com/1049309

https://bugzilla.suse.com/1049310

https://bugzilla.suse.com/1049311

https://bugzilla.suse.com/1049312

https://bugzilla.suse.com/1049313

https://bugzilla.suse.com/1049314

https://bugzilla.suse.com/1049315

https://bugzilla.suse.com/1049316

https://bugzilla.suse.com/1049317

https://bugzilla.suse.com/1049318

https://bugzilla.suse.com/1049319

https://bugzilla.suse.com/1049320

https://bugzilla.suse.com/1049321

https://bugzilla.suse.com/1049322

https://bugzilla.suse.com/1049323

https://bugzilla.suse.com/1049324

https://bugzilla.suse.com/1049325

https://bugzilla.suse.com/1049326

https://bugzilla.suse.com/1049327

https://bugzilla.suse.com/1049328

https://bugzilla.suse.com/1049329

https://bugzilla.suse.com/1049330

https://bugzilla.suse.com/1049331

https://bugzilla.suse.com/1049332

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×