SUSE-SU-2017:2175-1: important: Security update for java-1_8_0-openjdk

sle-security-updates at lists.suse.com
Wed Aug 16 07:08:28 MDT 2017


   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2175-1
Rating:             important
References:         #1049302 #1049305 #1049306 #1049307 #1049308 
                    #1049309 #1049310 #1049311 #1049312 #1049313 
                    #1049314 #1049315 #1049316 #1049317 #1049318 
                    #1049319 #1049320 #1049321 #1049322 #1049323 
                    #1049324 #1049325 #1049326 #1049327 #1049328 
                    #1049329 #1049330 #1049331 #1049332 
Cross-References:   CVE-2017-10053 CVE-2017-10067 CVE-2017-10074
                    CVE-2017-10078 CVE-2017-10081 CVE-2017-10086
                    CVE-2017-10087 CVE-2017-10089 CVE-2017-10090
                    CVE-2017-10096 CVE-2017-10101 CVE-2017-10102
                    CVE-2017-10105 CVE-2017-10107 CVE-2017-10108
                    CVE-2017-10109 CVE-2017-10110 CVE-2017-10111
                    CVE-2017-10114 CVE-2017-10115 CVE-2017-10116
                    CVE-2017-10118 CVE-2017-10125 CVE-2017-10135
                    CVE-2017-10176 CVE-2017-10193 CVE-2017-10198
                    CVE-2017-10243
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves 28 vulnerabilities and has one erratum
   is now available.

Description:

   This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes
   the following issues:

   Security issues fixed:
   - CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
   - CVE-2017-10067: Additional jar validation steps (bsc#1049306)
   - CVE-2017-10074: Image conversion improvements (bsc#1049307)
   - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
   - CVE-2017-10081: Right parenthesis issue (bsc#1049309)
   - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX
     (bsc#1049310)
   - CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
   - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
   - CVE-2017-10090: Better handling of channel groups (bsc#1049313)
   - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
   - CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
   - CVE-2017-10102: Improved garbage collection (bsc#1049316)
   - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment
     (bsc#1049317)
   - CVE-2017-10107: Less Active Activations (bsc#1049318)
   - CVE-2017-10108: Better naming attribution (bsc#1049319)
   - CVE-2017-10109: Better sourcing of code (bsc#1049320)
   - CVE-2017-10110: Better image fetching (bsc#1049321)
   - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
   - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX
     (bsc#1049323)
   - CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
   - CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
   - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
   - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment
     (bsc#1049327)
   - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
   - CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
   - CVE-2017-10193: Improve algorithm constraints implementation
     (bsc#1049330)
   - CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
   - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS
     (bsc#1049332)

   Bug fixes:
   - Check registry registration location
   - Improved certificate processing
   - JMX diagnostic improvements
   - Update to libpng 1.6.28
   - Import of OpenJDK 8 u141 build 15 (bsc#1049302)

   New features:
   - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11
     provider


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3


References:

   https://www.suse.com/security/cve/CVE-2017-10053.html
   https://www.suse.com/security/cve/CVE-2017-10067.html
   https://www.suse.com/security/cve/CVE-2017-10074.html
   https://www.suse.com/security/cve/CVE-2017-10078.html
   https://www.suse.com/security/cve/CVE-2017-10081.html
   https://www.suse.com/security/cve/CVE-2017-10086.html
   https://www.suse.com/security/cve/CVE-2017-10087.html
   https://www.suse.com/security/cve/CVE-2017-10089.html
   https://www.suse.com/security/cve/CVE-2017-10090.html
   https://www.suse.com/security/cve/CVE-2017-10096.html
   https://www.suse.com/security/cve/CVE-2017-10101.html
   https://www.suse.com/security/cve/CVE-2017-10102.html
   https://www.suse.com/security/cve/CVE-2017-10105.html
   https://www.suse.com/security/cve/CVE-2017-10107.html
   https://www.suse.com/security/cve/CVE-2017-10108.html
   https://www.suse.com/security/cve/CVE-2017-10109.html
   https://www.suse.com/security/cve/CVE-2017-10110.html
   https://www.suse.com/security/cve/CVE-2017-10111.html
   https://www.suse.com/security/cve/CVE-2017-10114.html
   https://www.suse.com/security/cve/CVE-2017-10115.html
   https://www.suse.com/security/cve/CVE-2017-10116.html
   https://www.suse.com/security/cve/CVE-2017-10118.html
   https://www.suse.com/security/cve/CVE-2017-10125.html
   https://www.suse.com/security/cve/CVE-2017-10135.html
   https://www.suse.com/security/cve/CVE-2017-10176.html
   https://www.suse.com/security/cve/CVE-2017-10193.html
   https://www.suse.com/security/cve/CVE-2017-10198.html
   https://www.suse.com/security/cve/CVE-2017-10243.html
   https://bugzilla.suse.com/1049302
   https://bugzilla.suse.com/1049305
   https://bugzilla.suse.com/1049306
   https://bugzilla.suse.com/1049307
   https://bugzilla.suse.com/1049308
   https://bugzilla.suse.com/1049309
   https://bugzilla.suse.com/1049310
   https://bugzilla.suse.com/1049311
   https://bugzilla.suse.com/1049312
   https://bugzilla.suse.com/1049313
   https://bugzilla.suse.com/1049314
   https://bugzilla.suse.com/1049315
   https://bugzilla.suse.com/1049316
   https://bugzilla.suse.com/1049317
   https://bugzilla.suse.com/1049318
   https://bugzilla.suse.com/1049319
   https://bugzilla.suse.com/1049320
   https://bugzilla.suse.com/1049321
   https://bugzilla.suse.com/1049322
   https://bugzilla.suse.com/1049323
   https://bugzilla.suse.com/1049324
   https://bugzilla.suse.com/1049325
   https://bugzilla.suse.com/1049326
   https://bugzilla.suse.com/1049327
   https://bugzilla.suse.com/1049328
   https://bugzilla.suse.com/1049329
   https://bugzilla.suse.com/1049330
   https://bugzilla.suse.com/1049331
   https://bugzilla.suse.com/1049332


