Mailinglist Archive: opensuse-security-announce (22 mails)

< Previous Next >
[security-announce] SUSE-SU-2014:1422-1: important: Security update for java-1_7_0-openjdk
SUSE Security Update: Security update for java-1_7_0-openjdk

Announcement ID: SUSE-SU-2014:1422-1
Rating: important
References: #901242
Cross-References: CVE-2014-6457 CVE-2014-6502 CVE-2014-6504
CVE-2014-6506 CVE-2014-6511 CVE-2014-6512
CVE-2014-6513 CVE-2014-6517 CVE-2014-6519
CVE-2014-6531 CVE-2014-6558
Affected Products:
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12

An update that fixes 11 vulnerabilities is now available.


OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues
and bugs.

* Security:
- S8015256: Better class accessibility
- S8022783, CVE-2014-6504: Optimize C2 optimizations
- S8035162: Service printing service
- S8035781: Improve equality for annotations
- S8036805: Correct linker method lookup.
- S8036810: Correct linker field lookup
- S8036936: Use local locales
- S8037066, CVE-2014-6457: Secure transport layer
- S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
- S8038364: Use certificate exceptions correctly
- S8038899: Safer safepoints
- S8038903: More native monitor monitoring
- S8038908: Make Signature more robust
- S8038913: Bolster XML support
- S8039509, CVE-2014-6512: Wrap sockets more thoroughly
- S8039533, CVE-2014-6517: Higher resolution resolvers
- S8041540, CVE-2014-6511: Better use of pages in font processing
- S8041529: Better parameterization of parameter lists
- S8041545: Better validation of generated rasters
- S8041564, CVE-2014-6506: Improved management of logger resources
- S8041717, CVE-2014-6519: Issue with class file parser
- S8042609, CVE-2014-6513: Limit splashiness of splash images
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing

* Backports:
- S4963723: Implement SHA-224
- S7044060: Need to support NSA Suite B Cryptography algorithms
- S7122142: (ann) Race condition between isAnnotationPresent and
- S7160837: DigestOutputStream does not turn off digest calculation when
"close()" is called
- S8006935: Need to take care of long secret keys in HMAC/PRF computation
- S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
- S8028192: Use of PKCS11-NSS provider in FIPS mode broken
- S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
- S8039396: NPE when writing a class descriptor object to a custom
- S8042603: 'SafepointPollOffset' was not declared in static member
function 'static bool Arguments::check_vm_args_consistency()'
- S8042850: Extra unused entries in ICU ScriptCodes enum
- S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since
7u71 b01
- S8053963: (dc) Use DatagramChannel.receive() instead of read() in
- S8055176: 7u71 l10n resource file translation update

* Bugfixes:
- PR1988: C++ Interpreter should no longer be used on ppc64
- PR1989: Make handle missing programs better and
be more verbose
- PR1992, RH735336: Support retrieving proxy settings on GNOME 3.12.2
- PR2000: Synchronise HEAD tarball paths with release branch paths
- PR2002: Fix references to following PR2000
- PR2003: --disable-system-gtk option broken by refactoring in PR1736
- PR2009: Checksum of policy JAR files changes on every build
- PR2014: Use version from to create tarball filename
- PR2015: Update documentation in INSTALL
- PR2025: LCMS_CFLAGS and LCMS_LIBS should not be used unless SYSTEM_LCMS
is enabled
- RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError
(revised comprehensive fix)

- PR2030, G453612, CA172: ARM hardfloat support for CACAO

* AArch64 port
- AArch64 C2 instruct for smull
- Add frame anchor fences.
- Add MacroAssembler::maybe_isb()
- Add missing instruction synchronization barriers and cache flushes.
- Add support for a few simple intrinsics
- Add support for builtin crc32 instructions
- Add support for Neon implementation of CRC32
- All address constants are 48 bits in size.
- array load must only read 32 bits
- Define uabs(). Use it everywhere an absolute value is wanted.
- Fast string comparison
- Fast String.equals()
- Fix register usage in generate_verify_oop().
- Fix thinko in Atomic::xchg_ptr.
- Fix typo in fsqrts
- Improve C1 performance improvements in ic_cache checks
- Performance improvement and ease of use changes pulled from upstream
- Remove obsolete C1 patching code.
- Replace hotspot jtreg test suite with tests from jdk7u
- S8024648: 7141246 breaks Zero port
- Save intermediate state before removing C1 patching code.
- Unwind native AArch64 frames.
- Use 2- and 3-instruction immediate form of movoop and mov_metadata in
C2-generated code.
- Various concurrency fixes.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:

zypper in -t patch SUSE-SLE-SERVER-12-2014-68

- SUSE Linux Enterprise Desktop 12:

zypper in -t patch SUSE-SLE-DESKTOP-12-2014-68

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):


- SUSE Linux Enterprise Desktop 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages