SUSE-SU-2020:3460-1: moderate: Security update for java-1_8_0-openjdk

sle-security-updates at sle-security-updates at
Fri Nov 20 10:20:50 MST 2020

   SUSE Security Update: Security update for java-1_8_0-openjdk

Announcement ID:    SUSE-SU-2020:3460-1
Rating:             moderate
References:         #1174157 #1177943 
Cross-References:   CVE-2020-14556 CVE-2020-14577 CVE-2020-14578
                    CVE-2020-14579 CVE-2020-14581 CVE-2020-14583
                    CVE-2020-14593 CVE-2020-14621 CVE-2020-14779
                    CVE-2020-14781 CVE-2020-14782 CVE-2020-14792
                    CVE-2020-14796 CVE-2020-14797 CVE-2020-14798
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP1

   An update that fixes 16 vulnerabilities is now available.


   This update for java-1_8_0-openjdk fixes the following issues:

   - Fix regression "8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)",
     introduced in October 2020 CPU.

   - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157,
     and October 2020 CPU, bsc#1177943)
     * New features
       + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
       + PR3796: Allow the number of curves supported to be specified
     * Security fixes
       + JDK-8028431, CVE-2020-14579: NullPointerException in
       + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
       + JDK-8230613: Better ASCII conversions
       + JDK-8231800: Better listing of arrays
       + JDK-8232014: Expand DTD support
       + JDK-8233255: Better Swing Buttons
       + JDK-8233624: Enhance JNI linkage
       + JDK-8234032: Improve basic calendar services
       + JDK-8234042: Better factory production of certificates
       + JDK-8234418: Better parsing with CertificateFactory
       + JDK-8234836: Improve serialization handling
       + JDK-8236191: Enhance OID processing
       + JDK-8236196: Improve string pooling
       + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
       + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
       + JDK-8237592, CVE-2020-14577: Enhance certificate verification
       + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
       + JDK-8237995, CVE-2020-14782: Enhance certificate processing
       + JDK-8238002, CVE-2020-14581: Better matrix operations
       + JDK-8238804: Enhance key handling process
       + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
       + JDK-8238843: Enhanced font handing
       + JDK-8238920, CVE-2020-14583: Better Buffer support
       + JDK-8238925: Enhance WAV file playback
       + JDK-8240119, CVE-2020-14593: Less Affine Transformations
       + JDK-8240124: Better VM Interning
       + JDK-8240482: Improved WAV file playback
       + JDK-8241114, CVE-2020-14792: Better range handling
       + JDK-8241379: Update JCEKS support
       + JDK-8241522: Manifest improved jar headers redux
       + JDK-8242136, CVE-2020-14621: Better XML namespace handling
       + JDK-8242680, CVE-2020-14796: Improved URI Support
       + JDK-8242685, CVE-2020-14797: Better Path Validation
       + JDK-8242695, CVE-2020-14798: Enhanced buffer support
       + JDK-8243302: Advanced class supports
       + JDK-8244136, CVE-2020-14803: Improved Buffer supports
       + JDK-8244479: Further constrain certificates
       + JDK-8244955: Additional Fix for JDK-8240124
       + JDK-8245407: Enhance zoning of times
       + JDK-8245412: Better class definitions
       + JDK-8245417: Improve certificate chain handling
       + JDK-8248574: Improve jpeg processing
       + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
       + JDK-8253019: Enhanced JPEG decoding
     * Import of OpenJDK 8 u262 build 01
       + JDK-4949105: Access Bridge lacks html tags parsing
       + JDK-8003209: JFR events for network utilization
       + JDK-8030680: 292 cleanup from default method code assessment
       + JDK-8035633: TEST_BUG: java/net/NetworkInterface/ and
         some tests failed on windows intermittently
       + JDK-8041626: Shutdown tracing event
       + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
       + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN
       + JDK-8151582: (ch) test java/nio/channels/
         / failing due to "Connection succeeded"
       + JDK-8165675: Trace event for thread park has incorrect unit for
       + JDK-8176182: 4 security tests are not run
       + JDK-8178910: Problemlist sample tests
       + JDK-8183925: Decouple crash protection from watcher thread
       + JDK-8191393: Random crashes during cfree+0x1c
       + JDK-8195817: JFR.stop should require name of recording
       + JDK-8195818: JFR.start should increase autogenerated name by
       + JDK-8195819: Remove recording=x from jcmd JFR.check output
       + JDK-8199712: Flight Recorder
       + JDK-8202578: Revisit location for class unload events
       + JDK-8202835: jfr/event/os/ fails on missing
       + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
       + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
       + JDK-8203664: JFR start failure after AppCDS archive created with JFR
       + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
       + JDK-8203929: Limit amount of data for JFR.dump
       + JDK-8205516: JFR tool
       + JDK-8207392: [PPC64] Implement JFR profiling
       + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
         classloader which calls it
       + JDK-8209960: -Xlog:jfr* doesn't work with the JFR
       + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
       + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
       + JDK-8211239: Build fails without JFR: empty JFR events signatures
       + JDK-8212232: Wrong metadata for the configuration of the cutoff for
         old object sample events
       + JDK-8213015: Inconsistent settings between JFR.configure and
       + JDK-8213421: Line number information for execution samples always 0
       + JDK-8213617: JFR should record the PID of the recorded process
       + JDK-8213734: SAXParser.parse(File, ..) does not close resources when
         Exception occurs.
       + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
       + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
       + JDK-8213966: The ZGC JFR events should be marked as experimental
       + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in
         debug builds
       + JDK-8214750: Unnecessary <p> tags in jfr classes
       + JDK-8214896: JFR Tool left files behind
       + JDK-8214906: [TESTBUG] jfr/event/sampling/ fails with
       + JDK-8214925: JFR tool fails to execute
       + JDK-8215175: Inconsistencies in JFR event metadata
       + JDK-8215237: jdk.jfr.Recording javadoc does not compile
       + JDK-8215284: Reduce noise induced by periodic task getFileSize()
       + JDK-8215355: Object monitor deadlock with no threads holding the
         monitor (using jemalloc 5.1)
       + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
       + JDK-8215771: The jfr tool should pretty print reference chains
       + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
       + JDK-8216486: Possibility of integer overflow in
       + JDK-8216528: test/jdk/java/rmi/transport/
         /runtimeThreadInheritanceLeak/ /
         failing with Xcomp
       + JDK-8216559: [JFR] Native libraries not correctly parsed from
       + JDK-8216578: Remove unused/obsolete method in JFR code
       + JDK-8216995: Clean up JFR command line processing
       + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems
         due to process surviving SIGINT
       + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
       + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
       + JDK-8223147: JFR Backport
       + JDK-8223689: Add JFR Thread Sampling Support
       + JDK-8223690: Add JFR BiasedLock Event Support
       + JDK-8223691: Add JFR G1 Region Type Change Event Support
       + JDK-8223692: Add JFR G1 Heap Summary Event Support
       + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
       + JDK-8224475: JTextPane does not show images in HTML rendering
       + JDK-8226253: JAWS reports wrong number of radio buttons when buttons
         are hidden.
       + JDK-8226779: [TESTBUG] Test JFR API from Java agent
       + JDK-8226892: ActionListeners on JRadioButtons don't get notified
         when selection is changed with arrow keys
       + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit
         and / or Java agent premain corrupts memory
       + JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() &
         (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed:
       + JDK-8229366: JFR backport allows unchecked writing to memory
       + JDK-8229401: Fix JFR code cache test failures
       + JDK-8229708: JFR backport code does not initialize
       + JDK-8229873: 8229401 broke jdk8u-jfr-incubator
       + JDK-8230448: [test] is failing on Windows
       + JDK-8230707: JFR related tests are failing
       + JDK-8230782: Robot.createScreenCapture() fails if "awt.robot.gtk" is
         set to false
       + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix
         misses ReleaseStringUTFChars in early return
       + JDK-8230947: is failing after
       + JDK-8231995: two jtreg tests failed after 8229366 is fixed
       + JDK-8233623: Add classpath exception to copyright in file
       + JDK-8236002: CSR for JFR backport suggests not leaving out the
       + JDK-8236008: Some backup files were accidentally left in the hotspot
       + JDK-8236074: Missed package-info
       + JDK-8236174: Should update javadoc since tags
       + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
       + JDK-8238452: Keytool generates wrong expiration date if validity is
         set to 2050/01/01
       + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there
         are external FIPS modules in the NSSDB
       + JDK-8238589: Necessary code cleanup in JFR for JDK8u
       + JDK-8238590: Enable JFR by default during compilation in 8u
       + JDK-8239055: Wrong implementation of VMState.hasListener
       + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
       + JDK-8239479: minimal1 and zero builds are failing
       + JDK-8239867: correct over use of INCLUDE_JFR macro
       + JDK-8240375: Disable JFR by default for July 2020 release
       + JDK-8241444: Metaspace::_class_vsm not initialized if compressed
         class pointers are disabled
       + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR
       + JDK-8242788: Non-PCH build is broken after JDK-8191393
     * Import of OpenJDK 8 u262 build 02
       + JDK-8130737: AffineTransformOp can't handle child raster with
         non-zero x-offset
       + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in
       + JDK-8230926: [macosx] Two apostrophes are entered instead of
         one with "U.S. International - PC" layout
       + JDK-8240576: JVM crashes after transformation in C2
       + JDK-8242883: Incomplete backport of JDK-8078268: backport test part
     * Import of OpenJDK 8 u262 build 03
       + JDK-8037866: Replace the Fun class in tests with lambdas
       + JDK-8146612: C2: Precedence edges specification violated
       + JDK-8150986: serviceability/sa/jmap-hprof/
         / failing because expects HPROF JAVA
         PROFILE 1.0.1 file format
       + JDK-8229888: (zipfs) Updating an existing zip file does not preserve
         original permissions
       + JDK-8230597: Update GIFlib library to the 5.2.1
       + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call
         in early return
       + JDK-8233880, PR3798: Support compilers with multi-digit major
         version numbers
       + JDK-8239852: java/util/concurrent tests fail with
         -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
   verification should have failed
       + JDK-8241638: launcher time metrics always report 1 on Linux when
       + JDK-8243059: Build fails when --with-vendor-name contains a comma
       + JDK-8243474: [TESTBUG] removed three tests of 0 bytes
       + JDK-8244461: [JDK 8u] Build fails with glibc 2.32
       + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns
         wrong result
     * Import of OpenJDK 8 u262 build 04
       + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw
         NPE if timeout is less than, or equal to zero when unit == null
       + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
       + JDK-8171934:
         ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does
         not recognize OpenJDK's HotSpot VM
       + JDK-8196969: JTreg Failure: serviceability/sa/
         causes NPE
       + JDK-8243539: Copyright info (Year) should be updated for fix
         of 8241638
       + JDK-8244777: ClassLoaderStats VM Op uses constant hash value
     * Import of OpenJDK 8 u262 build 05
       + JDK-7147060: com/sun/org/apache/xml/internal/security/
         /transforms/ doesn't run in agentvm mode
       + JDK-8178374: Problematic ByteBuffer handling in
         CipherSpi.bufferCrypt method
       + JDK-8181841: A TSA server returns timestamp with precision higher
         than milliseconds
       + JDK-8227269: Slow class loading when running with JDWP
       + JDK-8229899: Make less racy
       + JDK-8236996: Incorrect Roboto font rendering on Windows with
         subpixel antialiasing
       + JDK-8241750: x86_32 build failure after JDK-8227269
       + JDK-8244407: JVM crashes after transformation in C2
       + JDK-8244843: JapanEraNameCompatTest fails
     * Import of OpenJDK 8 u262 build 06
       + JDK-8246223: Windows build fails after JDK-8227269
     * Import of OpenJDK 8 u262 build 07
       + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
         Jfr:on_vm_start() start-up order for correct option parsing
       + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
       + JDK-8245167: Top package in method profiling shows null in JMC
       + JDK-8246703: [TESTBUG] Add test for JDK-8233197
     * Import of OpenJDK 8 u262 build 08
       + JDK-8220293: Deadlock in JFR string pool
       + JDK-8225068: Remove DocuSign root certificate that is expiring in
         May 2020
       + JDK-8225069: Remove Comodo root certificate that is expiring in May
     * Import of OpenJDK 8 u262 build 09
       + JDK-8248399: Build installs jfr binary when JFR is disabled
     * Import of OpenJDK 8 u262 build 10
       + JDK-8248715: New JavaTimeSupplementary localisation for 'in'
         installed in wrong package
     * Import of OpenJDK 8 u265 build 01
       + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool
       + JDK-8250546: Expect changed behaviour reported in JDK-8249846
     * Import of OpenJDK 8 u272 build 01
       + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
       + JDK-8035493: JVMTI PopFrame capability must instruct compilers not
         to prune locals
       + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in
       + JDK-8039082: [TEST_BUG] Test java/awt/dnd/
         /BadSerializationTest/ fails
       + JDK-8075774: Small readability and performance improvements for zipfs
       + JDK-8132206: move into OpenJDK
       + JDK-8132376: Add @requires to the client tests with access
         to internal OS-specific API
       + JDK-8132745: minor cleanup of java/util/Scanner/
       + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
       + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
         / hangs on Win. 8
       + JDK-8151788: NullPointerException from ntlm.Client.type3
       + JDK-8151834: Test times out intermittently
       + JDK-8153430: jdk regression test MletParserLocaleTest,
         ParserInfiniteLoopTest reduce default timeout
       + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
       + JDK-8156169: Some sound tests rarely hangs because of incorrect
       + JDK-8165936: Potential Heap buffer overflow when seaching timezone
         info files
       + JDK-8166148: Fix for JDK-8165936 broke solaris builds
       + JDK-8167300: Scheduling failures during gcm should be fatal
       + JDK-8167615: Opensource unit/regression tests for JavaSound
       + JDK-8172012: [TEST_BUG] delays needed in
       + JDK-8177628: Opensource unit/regression tests for ImageIO
       + JDK-8183341: Better cleanup for javax/imageio/
       + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
       + JDK-8193137: Nashorn crashes when given an empty script file
       + JDK-8194298: Add support for per Socket configuration of TCP
       + JDK-8198004: javax/swing/JFileChooser/6868611/ throws
       + JDK-8200313: java/awt/Gtk/GtkVersionTest/ fails
       + JDK-8210147: adjust some WSAGetLastError usages in windows network
       + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor
       + JDK-8214862: assert(proj != __null) at compile.cpp:3251
       + JDK-8217606: LdapContext#reconnect always opens a new connection
       + JDK-8217647: JFR: recordings on 32-bit systems unreadable
       + JDK-8226697: Several tests which need the @key headful keyword are
         missing it.
       + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on
         buffer overflow
       + JDK-8230303: JDB hangs when running monitor command
       + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return
         NULL if n is not in the CG
       + JDK-8234617: C1: Incorrect result of field load due to missing
         narrowing conversion
       + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
       + JDK-8235325: build failure on Linux after 8235243
       + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
       + JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
       + JDK-8238225: Issues reported after replacing symlink at
         Contents/MacOS/libjli.dylib with binary
       + JDK-8239385: KerberosTicket client name refers wrongly to
         sAMAccountName in AD
       + JDK-8239819: XToolkit: Misread of screen information memory
       + JDK-8240295: hs_err elapsed time in seconds is not accurate enough
       + JDK-8241888: Mirror system property
         with a security one
       + JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM
       + JDK-8243489: Thread CPU Load event may contain wrong data for CPU
         time under certain conditions
       + JDK-8244818: Java2D Queue Flusher crash while moving application
         window to external monitor
       + JDK-8246310: Clean commented-out code about ModuleEntry and
         PackageEntry in JFR
       + JDK-8246384: Enable JFR by default on supported architectures for
         October 2020 release
       + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
       + JDK-8249610: Make keys) method
     * Import of OpenJDK 8 u272 build 02
       + JDK-8023697: failed class resolution reports different class name in
         detail message for the first and subsequent times
       + JDK-8025886: replace [[ and == bash extensions in regtest
       + JDK-8046274: Removing dependency on jakarta-regexp
       + JDK-8048933: -XX:+TraceExceptions output should include the message
       + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
         /fileaccess/ fails
       + JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by
         JVM as an equivalent
       + JDK-8154313: Generated javadoc scattered all over the place
       + JDK-8163251: Hard coded loop limit prevents reading of smart card
         data greater than 8k
       + JDK-8173300: [TESTBUG]compiler/tiered/ fails
         with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
       + JDK-8183349: Better cleanup for jdk/test/javax/imageio/
         /plugins/shared/ and
       + JDK-8191678: [TESTBUG] Add keyword headful in java/awt
         FocusTransitionTest test.
       + JDK-8201633: Problems with AES-GCM native acceleration
       + JDK-8211049: Second parameter of "initialize" method is not used
       + JDK-8219566: JFR did not collect call stacks when
         MaxJavaStackTraceDepth is set to zero
       + JDK-8220165: Encryption using GCM results in RuntimeException- input
         length out of bound
       + JDK-8220555: JFR tool shows potentially misleading message when it
         cannot access a file
       + JDK-8224217: RecordingInfo should use textual representation
         of path
       + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
       + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
         "multiple definition" link errors with GCC10
       + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c
         "multiple definition" link errors with GCC10
       + JDK-8238388, PR3798: libj2gss/NativeFunc.o "multiple definition"
         link errors with GCC10
       + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params
         from byte array
       + JDK-8250755: Better cleanup for jdk/test/javax/imageio/
     * Import of OpenJDK 8 u272 build 03
       + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/
         fails sometimes
       + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
       + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with
         error : revokeall.exe: Permission denied
       + JDK-8203357: Container Metrics
       + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
       + JDK-8216283: Allow shorter method sampling interval than 10 ms
       + JDK-8221569: JFR tool produces incorrect output when both
         --categories and --events are specified
       + JDK-8233097: Fontmetrics for large Fonts has zero width
       + JDK-8248851: CMS: Missing memory fences between free chunk check and
         klass read
       + JDK-8250875: Incorrect parameter type for update_number in
     * Import of OpenJDK 8 u272 build 04
       + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
         IllegalArgumentException for flags of type double
       + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
       + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
       + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on
         OpenJDK 11, works 8/9/10
       + JDK-8243138: Enhance BaseLdapServer to support starttls extended
     * Import of OpenJDK 8 u272 build 05
       + JDK-8026236: Add PrimeTest for BigInteger
       + JDK-8057003: Large reference arrays cause extremely long
         synchronization times
       + JDK-8060721: Test runtime/SharedArchiveFile/ /
         fails in jdk 9 fcs new platforms/compiler
       + JDK-8152077: (cal) Calendar.roll does not always roll the hours
         during daylight savings
       + JDK-8168517: java/lang/ProcessBuilder/ failed
       + JDK-8211163: UNIX version of Java_java_io_Console_echo does not
         return a clean boolean
       + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker
         container only works with debug JVMs
       + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
       + JDK-8236645: JDK 8u231 introduces a regression with incompatible
         handling of XML messages
       + JDK-8240676: Meet not symmetric failure when running lucene
         on jdk8
       + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
       + JDK-8249158: THREAD_START and THREAD_END event posted in primordial
       + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling
         Java container metrics
       + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
       + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
     * Import of OpenJDK 8 u272 build 06
       + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
       + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40
       + JDK-8160768: Add capability to custom resolve host/domain names
         within the default JNDI LDAP provider
       + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not
       + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license
       + JDK-8184762: ZapStackSegments should use optimized memset
       + JDK-8193234: When using -Xcheck:jni an internally allocated buffer
         can leak
       + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
       + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
       + JDK-8222079: Don't use memset to initialize fields decode_env
         constructor in disassembler.cpp
       + JDK-8225695: 32-bit build failures after JDK-8080462 (Update
         SunPKCS11 provider with PKCS11 v2.40 support)
       + JDK-8226575: OperatingSystemMXBean should be made container aware
       + JDK-8226809: Circular reference in printed stack trace is not
         correctly indented & ambiguous
       + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
       + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
       + JDK-8238898, PR3801: Missing hash characters for header on license
       + JDK-8243320: Add SSL root certificates to Oracle Root CA program
       + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release
       + JDK-8245467: Remove 8u TLSv1.2 implementation files
       + JDK-8245469: Remove DTLS protocol implementation
       + JDK-8245470: Fix JDK8 compatibility issues
       + JDK-8245471: Revert JDK-8148188
       + JDK-8245472: Backport JDK-8038893 to JDK8
       + JDK-8245473: OCSP stapling support
       + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
       + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by
       + JDK-8245477: Adjust TLS tests location
       + JDK-8245653: Remove 8u TLS tests
       + JDK-8245681: Add TLSv1.3 regression test from 11.0.7
       + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
       + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to
         either true or false
       + JDK-8251341: Minimal Java specification change
       + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
     * Import of OpenJDK 8 u272 build 07
       + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
     * Import of OpenJDK 8 u272 build 08
       + JDK-8062947: Fix exception message to correctly represent LDAP
         connection failure
       + JDK-8151678: com/sun/jndi/ldap/ failed due to
         timeout on DeadServerNoTimeoutTest is incorrect
       + JDK-8252573: 8u: Windows build failed after 8222079 backport
     * Import of OpenJDK 8 u272 build 09
       + JDK-8252886: [TESTBUG] sun/security/ec/ : Compilation
     * Import of OpenJDK 8 u272 build 10
       + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the
         fix for JDK-8249158
       + JDK-8254937: Revert JDK-8148854 for 8u272
     * Backports
       + JDK-8038723, PR3806: Openup some PrinterJob tests
       + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable
         contains certain string
       + JDK-8058779, PR3805: Faster implementation of
         String.replace(CharSequence, CharSequence)
       + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client
         tests unaffected by the automated bulk update
       + JDK-8144015, PR3806: [PIT] failures of text layout font tests
       + JDK-8144023, PR3806: [PIT] failure of text measurements in
       + JDK-8144240, PR3806: [macosx][PIT] AIOOB in
       + JDK-8145542, PR3806: The case failed automatically and thrown
         java.lang.ArrayIndexOutOfBoundsException exception
       + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
         displaying Devanagari text in JEditorPane
       + JDK-8152358, PR3800: code and comment cleanups found during the hunt
         for 8077392
       + JDK-8152545, PR3804: Use preprocessor instead of compiling a program
         to generate native nio constants
       + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex
       + JDK-8158924, PR3806: Incorrect i18n text document layout
       + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
       + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
         / does not compile
       + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
         /GlyphPainter2/6427244/ - compilation failed
       + JDK-8191512, PR3806: T2K font rasterizer code removal
       + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK
       + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal
         and NoPadding
       + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b
     * Bug fixes
       + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL
         to a '%s' directive
       + PR3795: ECDSAUtils for XML digital signatures should support the
         same curve set as the rest of the JDK
       + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3
         implementation classes from 11.0.7
       + PR3808: IcedTea does not install the JFR *.jfc files
       + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed
         its use with Shenandoah
       + PR3811: Don't attempt to install JFR files when JFR is disabled
     * Shenandoah
       + [backport] 8221435: Shenandoah should not mark through weak roots
       + [backport] 8221629: Shenandoah: Cleanup class unloading logic
       + [backport] 8222992: Shenandoah: Pre-evacuate all roots
       + [backport] 8223215: Shenandoah: Support verifying subset of roots
       + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and
       + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to
         support scanning CSet codecache roots
       + [backport] 8224508: Shenandoah: Need to update thread roots in final
         mark for piggyback ref update cycle
       + [backport] 8224579: ResourceMark not declared in
         shenandoahRootProcessor.inline.hpp with
       + [backport] 8224679: Shenandoah: Make
         ShenandoahParallelCodeCacheIterator noncopyable
       + [backport] 8224751: Shenandoah: Shenandoah Verifier should select
         proper roots according to current GC cycle
       + [backport] 8225014: Separate ShenandoahRootScanner method for
       + [backport] 8225216: gc/logging/ doesn't work
         for Shenandoah
       + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure
         roots to-space invariant
       + [backport] 8225590: Shenandoah: Refactor
         ShenandoahClassLoaderDataRoots API
       + [backport] 8226413: Shenandoah: Separate root scanner for
       + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...))
         with rich asserts
       + [backport] 8231198: Shenandoah: heap walking should visit all roots
         most of the time
       + [backport] 8231244: Shenandoah: all-roots heap walking misses some
         weak roots
       + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with
         JVMTI and JFR
       + [backport] 8239786: Shenandoah: print per-cycle statistics
       + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's
       + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings
       + [backport] 8240749: Shenandoah: refactor ShenandoahUtils
       + [backport] 8240750: Shenandoah: remove leftover files and mentions
         of ShenandoahAllocTracker
       + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles
       + [backport] 8240872: Shenandoah: Avoid updating new regions from
         start of evacuation
       + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
       + [backport] 8240915: Shenandoah: Remove unused fields in init mark
       + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths
         after JDK-8240868
       + [backport] 8241007: Shenandoah: remove
         ShenandoahCriticalControlThreadPriority support
       + [backport] 8241062: Shenandoah: rich asserts trigger "empty
         statement" inspection
       + [backport] 8241081: Shenandoah: Do not modify update-watermark
       + [backport] 8241093: Shenandoah: editorial changes in flag
       + [backport] 8241139: Shenandoah: distribute mark-compact work exactly
         to minimize fragmentation
       + [backport] 8241142: Shenandoah: should not use parallel reference
         processing with single GC thread
       + [backport] 8241351: Shenandoah: fragmentation metrics overhaul
       + [backport] 8241435: Shenandoah: avoid disabling pacing with
       + [backport] 8241520: Shenandoah: simplify region sequence numbers
       + [backport] 8241534: Shenandoah: region status should include update
       + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure
       + [backport] 8241583: Shenandoah: turn heap lock asserts into macros
       + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive
         from ContiguousSpace
       + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding
       + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
         shenandoahSupport.cpp:2858 with
       + [backport] 8241692: Shenandoah: remove
       + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag
         into ShenandoahSATBBarrier
       + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap
       + [backport] 8241743: Shenandoah: refactor and inline
       + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods
       + [backport] 8241838: Shenandoah: no need to trash cset during final
       + [backport] 8241841: Shenandoah: ditch one of allocation type
         counters in ShenandoahHeapRegion
       + [backport] 8241842: Shenandoah: inline
       + [backport] 8241844: Shenandoah: rename
       + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache
       + [backport] 8241926: Shenandoah: only print heap changes for
         operations that directly affect it
       + [backport] 8241983: Shenandoah: simplify FreeSet logging
       + [backport] 8241985: Shenandoah: simplify collectable garbage logging
       + [backport] 8242040: Shenandoah: print allocation failure type
       + [backport] 8242041: Shenandoah: adaptive heuristics should account
         evac reserve in free target
       + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold
       + [backport] 8242054: Shenandoah: New incremental-update mode
       + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag
       + [backport] 8242082: Shenandoah: Purge Traversal mode
       + [backport] 8242083: Shenandoah: split "Prepare Evacuation" tracking
         into cset/freeset counters
       + [backport] 8242089: Shenandoah: per-worker stats should be summed
         up, not averaged
       + [backport] 8242101: Shenandoah: coalesce and parallelise heap region
         walks during the pauses
       + [backport] 8242114: Shenandoah: remove
       + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
       + [backport] 8242211: Shenandoah: remove
       + [backport] 8242212: Shenandoah: initialize
         ShenandoahHeuristics::_region_data eagerly
       + [backport] 8242213: Shenandoah: remove
       + [backport] 8242217: Shenandoah: Enable GC mode to be
         diagnostic/experimental and have a name
       + [backport] 8242227: Shenandoah: transit regions to cset state when
         adding to collection set
       + [backport] 8242228: Shenandoah: remove unused
         ShenandoahCollectionSet methods
       + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
         liveness-related methods
       + [backport] 8242267: Shenandoah: regions space needs to be aligned by
       + [backport] 8242271: Shenandoah: add test to verify GC mode unlock
       + [backport] 8242273: Shenandoah: accept either SATB or IU barriers,
         but not both
       + [backport] 8242301: Shenandoah: Inline LRB runtime call
       + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB
         slow-path entry
       + [backport] 8242353: Shenandoah: micro-optimize region liveness
       + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for
         liveness cache
       + [backport] 8242375: Shenandoah: Remove
         ShenandoahHeuristic::record_gc_start/end methods
       + [backport] 8242641: Shenandoah: clear live data and update TAMS
       + [backport] 8243238: Shenandoah: explicit GC request should wait for
         a complete GC cycle
       + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs
       + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data
       + [backport] 8243395: Shenandoah: demote guarantee in
       + [backport] 8243463: Shenandoah: ditch total_pause counters
       + [backport] 8243464: Shenandoah: print statistic counters in time
       + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other
       + [backport] 8243487: Shenandoah: make _num_phases illegal phase type
       + [backport] 8243494: Shenandoah: set counters once per cycle
       + [backport] 8243573: Shenandoah: rename GCParPhases and related code
       + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786
       + [backport] 8244180: Shenandoah: carry Phase to
         ShWorkerTimingsTracker explicitly
       + [backport] 8244200: Shenandoah: build breakages after JDK-8241743
       + [backport] 8244226: Shenandoah: per-cycle statistics contain worker
         data from previous cycles
       + [backport] 8244326: Shenandoah: global statistics should not accept
         bogus samples
       + [backport] 8244509: Shenandoah: refactor
         ShenandoahBarrierC2Support::test_* methods
       + [backport] 8244551: Shenandoah: Fix racy update of update_watermark
       + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes
         loop for wrong control
       + [backport] 8244730: Shenandoah: gc/shenandoah/options/
         / should only verify the heuristics
       + [backport] 8244732: Shenandoah: move heuristics code to
       + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode
       + [backport] 8244739: Shenandoah: break superclass dependency
         on ShenandoahNormalMode
       + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to
       + [backport] 8245461: Shenandoah: refine mode name()-s
       + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
         constructor arguments
       + [backport] 8245464: Shenandoah: allocate collection set bitmap at
         lower addresses
       + [backport] 8245465: Shenandoah: test_in_cset can use more efficient
       + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics
         names and properties
       + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
       + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable
         heap resizing or uncommits
       + [backport] 8245773: Shenandoah: Windows assertion failure after
       + [backport] 8245812: Shenandoah: compute root phase parallelism
       + [backport] 8245814: Shenandoah: reconsider format specifiers for
       + [backport] 8245825: Shenandoah: Remove diagnostic flag
       + [backport] 8246162: Shenandoah: full GC does not mark code roots
         when class unloading is off
       + [backport] 8247310: Shenandoah: pacer should not affect interrupt
       + [backport] 8247358: Shenandoah: reconsider free budget slice for
       + [backport] 8247367: Shenandoah: pacer should wait on lock instead of
         exponential backoff
       + [backport] 8247474: Shenandoah: Windows build warning after
       + [backport] 8247560: Shenandoah: heap iteration holds root locks all
         the time
       + [backport] 8247593: Shenandoah: should not block pacing reporters
       + [backport] 8247751: Shenandoah: options tests should run with
         smaller heaps
       + [backport] 8247754: Shenandoah: mxbeans tests can be shorter
       + [backport] 8247757: Shenandoah: split heavy tests by heuristics to
         improve parallelism
       + [backport] 8247860: Shenandoah: add update watermark line in rich
         assert failure message
       + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss
         some roots
       + [backport] 8248652: Shenandoah: SATB buffer handling may assume no
         forwarded objects
       + [backport] 8249560: Shenandoah: Fix racy GC request handling
       + [backport] 8249649: Shenandoah: provide per-cycle pacing stats
       + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle
       + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should
         account for corner cases
       + Fix slowdebug build after JDK-8230853 backport
       + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and
       + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp
       + Shenandoah: add JFR roots to root processor after JFR integration
       + Shenandoah: add root statistics for string dedup table/queues
       + Shenandoah: enable low-frequency STW class unloading
       + Shenandoah: fix build failures after JDK-8244737 backport
       + Shenandoah: Fix build failure with +JFR -PCH
       + Shenandoah: fix forceful pacer claim
       + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask
       + Shenandoah: fix runtime linking failure due to non-compiled
       + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC
       + Shenandoah: JNI weak roots are always cleared before Full GC mark
       + Shenandoah: missing SystemDictionary roots in
       + Shenandoah: move barrier sets to their proper locations
       + Shenandoah: move parallelCleaning.* to shenandoah/
       + Shenandoah: pacer should use proper Atomics for intptr_t
       + Shenandoah: properly deallocates class loader metadata
       + Shenandoah: specialize String Table scans for better pause
       + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer
     * AArch64 port
       + JDK-8161072, PR3797: AArch64: jtreg
         compiler/uncommontrap/TestDeoptOOM failure
       + JDK-8171537, PR3797: aarch64: compiler/c1/ generates
         guarantee failure in C1
       + JDK-8183925, PR3797: [AArch64] Decouple crash protection from
         watcher thread
       + JDK-8199712, PR3797: [AArch64] Flight Recorder
       + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in
       + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails
         with SIGILL on aarch64
       + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
       + JDK-8215961, PR3797: jdk/jfr/event/os/ fails
         on AArch64
       + JDK-8216989, PR3797:
         does not check for zero length on AARCH64
       + JDK-8217368, PR3797: AArch64: C2 recursive stack locking
         optimisation not triggered
       + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx
       + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob
       + JDK-8246482, PR3797: Build failures with +JFR -PCH
       + JDK-8247979, PR3797: aarch64: missing side effect of killing flags
         for clearArray_reg_reg
       + JDK-8248219, PR3797: aarch64: missing memory barrier in
         fast_storefield and fast_accessfield

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3460=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3460=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3460=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3460=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):


   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):


   - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):



More information about the sle-security-updates mailing list