   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0005-1
Rating:             important
References:         #1049305 #1049306 #1049307 #1049309 #1049310
                    #1049311 #1049312 #1049313 #1049314 #1049315
                    #1049316 #1049317 #1049318 #1049319 #1049320
                    #1049321 #1049322 #1049323 #1049324 #1049325
                    #1049326 #1049327 #1049328 #1049329 #1049330
                    #1049331 #1049332 #1052318 #1064071 #1064072
                    #1064073 #1064075 #1064077 #1064078 #1064079
                    #1064080 #1064081 #1064082 #1064083 #1064084
                    #1064085 #1064086
Cross-References:   CVE-2016-10165 CVE-2016-9840 CVE-2016-9841
                    CVE-2016-9842 CVE-2016-9843 CVE-2017-10053
                    CVE-2017-10067 CVE-2017-10074 CVE-2017-10081
                    CVE-2017-10086 CVE-2017-10087 CVE-2017-10089
                    CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
                    CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
                    CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
                    CVE-2017-10111 CVE-2017-10114 CVE-2017-10115
                    CVE-2017-10116 CVE-2017-10118 CVE-2017-10125
                    CVE-2017-10135 CVE-2017-10176 CVE-2017-10193
                    CVE-2017-10198 CVE-2017-10243 CVE-2017-10274
                    CVE-2017-10281 CVE-2017-10285 CVE-2017-10295
                    CVE-2017-10345 CVE-2017-10346 CVE-2017-10347
                    CVE-2017-10348 CVE-2017-10349 CVE-2017-10350
                    CVE-2017-10355 CVE-2017-10356 CVE-2017-10357
                    CVE-2017-10388
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 46 vulnerabilities is now available.

Description:

   This update for java-1_7_0-openjdk fixes the following issues:

   Security issues fixed:

   - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
   - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071).
   - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072).
   - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
   - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
   - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
   - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
   - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
   - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079).
   - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
   - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077).
   - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
   - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085).
   - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
   - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316).
   - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305).
   - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306).
   - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309).
   - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311).
   - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312).
   - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313).
   - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314).
   - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315).
   - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318).
   - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307).
   - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321).
   - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319).
   - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320).
   - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324).
   - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).
   - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325).
   - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).
   - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329).
   - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).
   - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332).
   - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327).
   - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323).
   - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317).
   - CVE-2017-10086: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049310).
   - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331).
   - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

   Bug fixes:

   - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-6=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-6=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2018-6=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-6=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-6=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-6=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-6=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2018-6=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-6=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-6=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      java-1_7_0-openjdk-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6

References:

   https://www.suse.com/security/cve/CVE-2016-10165.html
   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://www.suse.com/security/cve/CVE-2017-10053.html
   https://www.suse.com/security/cve/CVE-2017-10067.html
   https://www.suse.com/security/cve/CVE-2017-10074.html
   https://www.suse.com/security/cve/CVE-2017-10081.html
   https://www.suse.com/security/cve/CVE-2017-10086.html
   https://www.suse.com/security/cve/CVE-2017-10087.html
   https://www.suse.com/security/cve/CVE-2017-10089.html
   https://www.suse.com/security/cve/CVE-2017-10090.html
   https://www.suse.com/security/cve/CVE-2017-10096.html
   https://www.suse.com/security/cve/CVE-2017-10101.html
   https://www.suse.com/security/cve/CVE-2017-10102.html
   https://www.suse.com/security/cve/CVE-2017-10105.html
   https://www.suse.com/security/cve/CVE-2017-10107.html
   https://www.suse.com/security/cve/CVE-2017-10108.html
   https://www.suse.com/security/cve/CVE-2017-10109.html
   https://www.suse.com/security/cve/CVE-2017-10110.html
   https://www.suse.com/security/cve/CVE-2017-10111.html
   https://www.suse.com/security/cve/CVE-2017-10114.html
   https://www.suse.com/security/cve/CVE-2017-10115.html
   https://www.suse.com/security/cve/CVE-2017-10116.html
   https://www.suse.com/security/cve/CVE-2017-10118.html
   https://www.suse.com/security/cve/CVE-2017-10125.html
   https://www.suse.com/security/cve/CVE-2017-10135.html
   https://www.suse.com/security/cve/CVE-2017-10176.html
   https://www.suse.com/security/cve/CVE-2017-10193.html
   https://www.suse.com/security/cve/CVE-2017-10198.html
   https://www.suse.com/security/cve/CVE-2017-10243.html
   https://www.suse.com/security/cve/CVE-2017-10274.html
   https://www.suse.com/security/cve/CVE-2017-10281.html
   https://www.suse.com/security/cve/CVE-2017-10285.html
   https://www.suse.com/security/cve/CVE-2017-10295.html
   https://www.suse.com/security/cve/CVE-2017-10345.html
   https://www.suse.com/security/cve/CVE-2017-10346.html
   https://www.suse.com/security/cve/CVE-2017-10347.html
   https://www.suse.com/security/cve/CVE-2017-10348.html
   https://www.suse.com/security/cve/CVE-2017-10349.html
   https://www.suse.com/security/cve/CVE-2017-10350.html
   https://www.suse.com/security/cve/CVE-2017-10355.html
   https://www.suse.com/security/cve/CVE-2017-10356.html
   https://www.suse.com/security/cve/CVE-2017-10357.html
   https://www.suse.com/security/cve/CVE-2017-10388.html
   https://bugzilla.suse.com/1049305
   https://bugzilla.suse.com/1049306
   https://bugzilla.suse.com/1049307
   https://bugzilla.suse.com/1049309
   https://bugzilla.suse.com/1049310
   https://bugzilla.suse.com/1049311
   https://bugzilla.suse.com/1049312
   https://bugzilla.suse.com/1049313
   https://bugzilla.suse.com/1049314
   https://bugzilla.suse.com/1049315
   https://bugzilla.suse.com/1049316
   https://bugzilla.suse.com/1049317
   https://bugzilla.suse.com/1049318
   https://bugzilla.suse.com/1049319
   https://bugzilla.suse.com/1049320
   https://bugzilla.suse.com/1049321
   https://bugzilla.suse.com/1049322
   https://bugzilla.suse.com/1049323
   https://bugzilla.suse.com/1049324
   https://bugzilla.suse.com/1049325
   https://bugzilla.suse.com/1049326
   https://bugzilla.suse.com/1049327
   https://bugzilla.suse.com/1049328
   https://bugzilla.suse.com/1049329
   https://bugzilla.suse.com/1049330
   https://bugzilla.suse.com/1049331
   https://bugzilla.suse.com/1049332
   https://bugzilla.suse.com/1052318
   https://bugzilla.suse.com/1064071
   https://bugzilla.suse.com/1064072
   https://bugzilla.suse.com/1064073
   https://bugzilla.suse.com/1064075
   https://bugzilla.suse.com/1064077
   https://bugzilla.suse.com/1064078
   https://bugzilla.suse.com/1064079
   https://bugzilla.suse.com/1064080
   https://bugzilla.suse.com/1064081
   https://bugzilla.suse.com/1064082
   https://bugzilla.suse.com/1064083
   https://bugzilla.suse.com/1064084
   https://bugzilla.suse.com/1064085
   https://bugzilla.suse.com/1064086