SUSE-SU-2018:0005-1: important: Security update for java-1_7_0-openjdk

sle-updates at lists.suse.com
Wed Jan 3 13:08:17 MST 2018


   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0005-1
Rating:             important
References:         #1049305 #1049306 #1049307 #1049309 #1049310 
                    #1049311 #1049312 #1049313 #1049314 #1049315 
                    #1049316 #1049317 #1049318 #1049319 #1049320 
                    #1049321 #1049322 #1049323 #1049324 #1049325 
                    #1049326 #1049327 #1049328 #1049329 #1049330 
                    #1049331 #1049332 #1052318 #1064071 #1064072 
                    #1064073 #1064075 #1064077 #1064078 #1064079 
                    #1064080 #1064081 #1064082 #1064083 #1064084 
                    #1064085 #1064086 
Cross-References:   CVE-2016-10165 CVE-2016-9840 CVE-2016-9841
                    CVE-2016-9842 CVE-2016-9843 CVE-2017-10053
                    CVE-2017-10067 CVE-2017-10074 CVE-2017-10081
                    CVE-2017-10086 CVE-2017-10087 CVE-2017-10089
                    CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
                    CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
                    CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
                    CVE-2017-10111 CVE-2017-10114 CVE-2017-10115
                    CVE-2017-10116 CVE-2017-10118 CVE-2017-10125
                    CVE-2017-10135 CVE-2017-10176 CVE-2017-10193
                    CVE-2017-10198 CVE-2017-10243 CVE-2017-10274
                    CVE-2017-10281 CVE-2017-10285 CVE-2017-10295
                    CVE-2017-10345 CVE-2017-10346 CVE-2017-10347
                    CVE-2017-10348 CVE-2017-10349 CVE-2017-10350
                    CVE-2017-10355 CVE-2017-10356 CVE-2017-10357
                    CVE-2017-10388
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 46 vulnerabilities is now available.

Description:

   This update for java-1_7_0-openjdk fixes the following issues:

   Security issues fixed:

   - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
   - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO
     (bsc#1064071).
   - CVE-2017-10281: Fix issue inside subcomponent Serialization
     (bsc#1064072).
   - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
   - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
   - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
   - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
   - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
   - CVE-2017-10347: Fix issue inside subcomponent Serialization
     (bsc#1064079).
   - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
   - CVE-2017-10345: Fix issue inside subcomponent Serialization
     (bsc#1064077).
   - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
   - CVE-2017-10357: Fix issue inside subcomponent Serialization
     (bsc#1064085).
   - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
   - CVE-2017-10102: Fix incorrect handling of references in DGC
     (bsc#1049316).
   - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader
     (bsc#1049305).
   - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest
     (bsc#1049306).
   - CVE-2017-10081: Fix incorrect bracket processing in function signature
     handling (bsc#1049309).
   - CVE-2017-10087: Fix insufficient access control checks in
     ThreadPoolExecutor (bsc#1049311).
   - CVE-2017-10089: Fix insufficient access control checks in
     ServiceRegistry (bsc#1049312).
   - CVE-2017-10090: Fix insufficient access control checks in
     AsynchronousChannelGroupImpl (bsc#1049313).
   - CVE-2017-10096: Fix insufficient access control checks in XML
     transformations (bsc#1049314).
   - CVE-2017-10101: Fix unrestricted access to
     com.sun.org.apache.xml.internal.resolver (bsc#1049315).
   - CVE-2017-10107: Fix insufficient access control checks in ActivationID
     (bsc#1049318).
   - CVE-2017-10074: Fix integer overflows in range check loop predicates
     (bsc#1049307).
   - CVE-2017-10110: Fix insufficient access control checks in ImageWatched
     (bsc#1049321).
   - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute
     deserialization (bsc#1049319).
   - CVE-2017-10109: Fix unbounded memory allocation in CodeSource
     deserialization (bsc#1049320).
   - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE
     (bsc#1049324).
   - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).
   - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL
     (bsc#1049325).
   - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).
   - CVE-2017-10176: Fix incorrect handling of certain EC points
     (bsc#1049329).
   - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).
   - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS
     (bsc#1049332).
   - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment
     (bsc#1049327).
   - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX
     (bsc#1049323).
   - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment
     (bsc#1049317).
   - CVE-2017-10086: Fix unspecified vulnerability in subcomponent JavaFX
     (bsc#1049310).
   - CVE-2017-10198: Fix incorrect enforcement of certificate path
     restrictions (bsc#1049331).
   - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

   Bug fixes:

   - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec
     Shield is gone (bsc#1052318).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-6=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-6=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2018-6=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-6=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-6=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-6=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-6=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-6=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-6=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-6=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
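
   A post-patch check, added here as an example and not part of the SUSE
   advisory: it flags any installed java-1_7_0-openjdk package older than the
   1.7.0.161-43.7.6 build listed above. The function names and the sample
   inventory lines are constructed, and GNU `sort -V` is assumed as an
   approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from this advisory's package list.
FIXED_EVR="1.7.0.161-43.7.6"

# evr_at_least INSTALLED FIXED
# Succeeds when INSTALLED is the same as or newer than FIXED.
# Assumption: sort -V stands in for RPM's own comparison, which is adequate
# for the dotted numeric version-release strings this package uses.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify
# Reads "name version-release" lines on stdin and prints one verdict per
# java-1_7_0-openjdk package; all other packages are ignored.
classify() {
    while read -r name evr; do
        case "$name" in
            java-1_7_0-openjdk*) ;;
            *) continue ;;
        esac
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK $name $evr"
        else
            echo "VULNERABLE $name $evr"
        fi
    done
}

# Constructed inventory lines (not from the advisory). The last one has a
# release of 43.10.1, which a plain string comparison would wrongly place
# before 43.7.6.
printf '%s\n' \
    'java-1_7_0-openjdk 1.7.0.141-42.3.2' \
    'java-1_7_0-openjdk-headless 1.7.0.161-43.7.6' \
    'java-1_7_0-openjdk-devel 1.7.0.161-43.10.1' | classify

# On a real host, feed it from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1_7_0-openjdk*' | classify
```

   Running JVMs keep the old libraries loaded until they are restarted, so a
   clean result here does not cover processes started before the update.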


References:

   https://www.suse.com/security/cve/CVE-2016-10165.html
   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://www.suse.com/security/cve/CVE-2017-10053.html
   https://www.suse.com/security/cve/CVE-2017-10067.html
   https://www.suse.com/security/cve/CVE-2017-10074.html
   https://www.suse.com/security/cve/CVE-2017-10081.html
   https://www.suse.com/security/cve/CVE-2017-10086.html
   https://www.suse.com/security/cve/CVE-2017-10087.html
   https://www.suse.com/security/cve/CVE-2017-10089.html
   https://www.suse.com/security/cve/CVE-2017-10090.html
   https://www.suse.com/security/cve/CVE-2017-10096.html
   https://www.suse.com/security/cve/CVE-2017-10101.html
   https://www.suse.com/security/cve/CVE-2017-10102.html
   https://www.suse.com/security/cve/CVE-2017-10105.html
   https://www.suse.com/security/cve/CVE-2017-10107.html
   https://www.suse.com/security/cve/CVE-2017-10108.html
   https://www.suse.com/security/cve/CVE-2017-10109.html
   https://www.suse.com/security/cve/CVE-2017-10110.html
   https://www.suse.com/security/cve/CVE-2017-10111.html
   https://www.suse.com/security/cve/CVE-2017-10114.html
   https://www.suse.com/security/cve/CVE-2017-10115.html
   https://www.suse.com/security/cve/CVE-2017-10116.html
   https://www.suse.com/security/cve/CVE-2017-10118.html
   https://www.suse.com/security/cve/CVE-2017-10125.html
   https://www.suse.com/security/cve/CVE-2017-10135.html
   https://www.suse.com/security/cve/CVE-2017-10176.html
   https://www.suse.com/security/cve/CVE-2017-10193.html
   https://www.suse.com/security/cve/CVE-2017-10198.html
   https://www.suse.com/security/cve/CVE-2017-10243.html
   https://www.suse.com/security/cve/CVE-2017-10274.html
   https://www.suse.com/security/cve/CVE-2017-10281.html
   https://www.suse.com/security/cve/CVE-2017-10285.html
   https://www.suse.com/security/cve/CVE-2017-10295.html
   https://www.suse.com/security/cve/CVE-2017-10345.html
   https://www.suse.com/security/cve/CVE-2017-10346.html
   https://www.suse.com/security/cve/CVE-2017-10347.html
   https://www.suse.com/security/cve/CVE-2017-10348.html
   https://www.suse.com/security/cve/CVE-2017-10349.html
   https://www.suse.com/security/cve/CVE-2017-10350.html
   https://www.suse.com/security/cve/CVE-2017-10355.html
   https://www.suse.com/security/cve/CVE-2017-10356.html
   https://www.suse.com/security/cve/CVE-2017-10357.html
   https://www.suse.com/security/cve/CVE-2017-10388.html
   https://bugzilla.suse.com/1049305
   https://bugzilla.suse.com/1049306
   https://bugzilla.suse.com/1049307
   https://bugzilla.suse.com/1049309
   https://bugzilla.suse.com/1049310
   https://bugzilla.suse.com/1049311
   https://bugzilla.suse.com/1049312
   https://bugzilla.suse.com/1049313
   https://bugzilla.suse.com/1049314
   https://bugzilla.suse.com/1049315
   https://bugzilla.suse.com/1049316
   https://bugzilla.suse.com/1049317
   https://bugzilla.suse.com/1049318
   https://bugzilla.suse.com/1049319
   https://bugzilla.suse.com/1049320
   https://bugzilla.suse.com/1049321
   https://bugzilla.suse.com/1049322
   https://bugzilla.suse.com/1049323
   https://bugzilla.suse.com/1049324
   https://bugzilla.suse.com/1049325
   https://bugzilla.suse.com/1049326
   https://bugzilla.suse.com/1049327
   https://bugzilla.suse.com/1049328
   https://bugzilla.suse.com/1049329
   https://bugzilla.suse.com/1049330
   https://bugzilla.suse.com/1049331
   https://bugzilla.suse.com/1049332
   https://bugzilla.suse.com/1052318
   https://bugzilla.suse.com/1064071
   https://bugzilla.suse.com/1064072
   https://bugzilla.suse.com/1064073
   https://bugzilla.suse.com/1064075
   https://bugzilla.suse.com/1064077
   https://bugzilla.suse.com/1064078
   https://bugzilla.suse.com/1064079
   https://bugzilla.suse.com/1064080
   https://bugzilla.suse.com/1064081
   https://bugzilla.suse.com/1064082
   https://bugzilla.suse.com/1064083
   https://bugzilla.suse.com/1064084
   https://bugzilla.suse.com/1064085
   https://bugzilla.suse.com/1064086


