Mailinglist Archive: opensuse-updates (130 mails)

openSUSE-SU-2013:1968-1: moderate: update for openjdk with icedtea
openSUSE Security Update: update for openjdk with icedtea
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1968-1
Rating: moderate
References:
Cross-References: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772
CVE-2013-5774 CVE-2013-5778 CVE-2013-5780
CVE-2013-5782 CVE-2013-5783 CVE-2013-5784
CVE-2013-5790 CVE-2013-5797 CVE-2013-5802
CVE-2013-5803 CVE-2013-5804 CVE-2013-5809
CVE-2013-5814 CVE-2013-5817 CVE-2013-5820
CVE-2013-5823 CVE-2013-5825 CVE-2013-5829
CVE-2013-5830 CVE-2013-5840 CVE-2013-5842
CVE-2013-5849 CVE-2013-5850 CVE-2013-5851

Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

This release updates the OpenJDK 6 support to icedtea version
1.12.7, bringing in the October 2013 security errata and a
number of bug fixes:

Security fixes:

- S8006900, CVE-2013-3829: Add new date/time capability
- S8008589: Better MBean permission validation
- S8011071, CVE-2013-5780: Better crypto provider handling
- S8011081, CVE-2013-5772: Improve jhat
- S8011157, CVE-2013-5814: Improve CORBA portability
- S8012071, CVE-2013-5790: Better Building of Beans
- S8012147: Improve tool support
- S8012277, CVE-2013-5849: Improve AWT DataFlavor
- S8012425, CVE-2013-5802: Transform TransformerFactory
- S8013503, CVE-2013-5851: Improve stream factories
- S8013506: Better Pack200 data handling
- S8013510, CVE-2013-5809: Augment image writing code
- S8013514: Improve stability of cmap class
- S8013739, CVE-2013-5817: Better LDAP resource management
- S8013744, CVE-2013-5783: Better tabling for AWT
- S8014085: Better serialization support in JMX classes
- S8014093, CVE-2013-5782: Improve parsing of images
- S8014102, CVE-2013-5778: Improve image conversion
- S8014341, CVE-2013-5803: Better service from Kerberos servers
- S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations
- S8014530, CVE-2013-5825: Better digital signature processing
- S8014534: Better profiling support
- S8014987, CVE-2013-5842: Augment serialization handling
- S8015614: Update build settings
- S8015731: Subject java.security.auth.subject to improvements
- S8015743, CVE-2013-5774: Address internet addresses
- S8016256: Make finalization final
- S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names
- S8016675, CVE-2013-5797: Make Javadoc pages more robust
- S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
- S8017287, CVE-2013-5829: Better resource disposal
- S8017291, CVE-2013-5830: Cast Proxies Aside
- S8017298, CVE-2013-4002: Better XML support
- S8017300, CVE-2013-5784: Improve Interface Implementation
- S8017505, CVE-2013-5820: Better Client Service
- S8019292: Better Attribute Value Exceptions
- S8019617: Better view of objects
- S8020293: JVM crash
- S8021290, CVE-2013-5823: Better signature validation
- S8022940: Enhance CORBA translations
- S8023683: Enhance class file parsing

Backports:

- S4075303: Use javap to enquire about a specific inner class
- S4111861: static final field contents are not displayed
- S4348375: Javap is not internationalized
- S4459541: "javap -l" shows line numbers as signed short; they should be unsigned
- S4501660: change diagnostic of -help as 'print this help message and exit'
- S4501661: disallow mixing -public, -private, and -protected options at the same time
- S4776241: unused source file in javap…
- S4870651: javap should recognize generics, varargs, enum
- S4876942: javap invoked without args does not print help screen
- S4880663: javap could output whitespace between class name and opening brace
- S4884240: additional option required for javap
- S4893408: JPEGReader throws IllegalArgException when setting the destination to BYTE_GRAY
- S4975569: javap doesn't print new flag bits
- S6271787: javap dumps LocalVariableTypeTable attribute in hex, needs to print a table
- S6305779: javap: support annotations
- S6439940: Clean up javap implementation
- S6469569: wrong check of searchpath in JavapEnvironment
- S6474890: javap does not open .zip files in -classpath
- S6563752: Build and test JDK7 with Sun Studio 12 Express compilers (prep makefiles)
- S6587786: Javap throws error : "ERROR:Could not find <classname>" for JRE classes
- S6622215: javap ignores certain relevant access flags
- S6622216: javap names some attributes incorrectly
- S6622232: javap gets whitespace confused
- S6622260: javap prints negative bytes incorrectly in hex
- S6631559: Registration of ImageIO plugins should not cause loading of jpeg.dlli and cmm.dll
- S6636331: ConcurrentModificationException in AppContext code
- S6636370: minor corrections and simplification of code in AppContext
- S6708729: update jdk Makefiles for new javap
- S6715767: javap on java.lang.ClassLoader crashes
- S6729772: 64-bit build with SS12 compiler: SIGSEGV (0xb) at pc=0x0000000000000048, pid=14826, tid=2
- S6791502: IIOException "Invalid icc profile" on jpeg after update from JDK5 to JDK6
- S6793818: JpegImageReader is too greedy creating color profiles
- S6799141: Build with --hash-style=both so that binaries can work on SuSE 10
- S6816311: Changes to allow builds with latest Windows SDK 6.1 on 64bit Windows 2003
- S6819246: improve support for decoding instructions in classfile library
- S6824493: experimental support for additional info for instructions
- S6840152: JVM crashes when heavyweight monitors are used
- S6841419: classfile: add constant pool iterator
- S6841420: classfile: add new methods to ConstantClassInfo
- S6843013: missing files in fix for 6824493
- S6852856: javap changes to facilitate subclassing javap for variants
- S6867671: javap whitespace formatting issues
- S6868539: javap should use current names for constant pool tags
- S6888215: memory leak in jpeg plugin
- S6902264: fix indentation of tableswitch and lookupswitch
- S6925851: Localize JRE into pt_BR
- S6954275: XML signatures with reference data larger 16KB and cacheRef on fails to validate
- S6974017: Upgrade required Solaris Studio compilers to 5.10 (12 update 1 + patches)
- S6980281: SWAT: SwingSet2 got core dumped in Solaris-AMD64 using b107 swat build
- S6989760: cmm native compiler warnings
- S6989774: imageio compiler warnings in native code
- S7000225: Sanity check on sane-alsa-headers is broken
- S7013519: [parfait] Integer overflows in 2D code
- S7018912: [parfait] potential buffer overruns in imageio jpeg
- S7022999: Can't build with FORCE_TIERED=0
- S7035073: Add missing timezones to TimeZoneNames_pt_BR.java
- S7038711: Fix CC_VER checks for compiler options, fix use of -Wno-clobber
- S7146431: java.security files out-of-sync
- S7196533: TimeZone.getDefault() slow due to synchronization bottleneck
- S8000450: Restrict access to com/sun/corba/se/impl package
- S8002070: Remove the stack search for a resource bundle for Logger to use
- S8003992: File and other classes in java.io do not handle embedded nulls properly
- S8004188: Rename src/share/lib/security/java.security to java.security-linux
- S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer 'scale' allocated with calloc()
- S8006882: Proxy generated classes in sun.proxy package breaks JMockit
- S8010118: Annotate jdk caller sensitive methods with @sun.reflect.CallerSensitive
- S8010727: WLS fails to add a logger with "" in its own LogManager subclass instance
- S8010939: Deadlock in LogManager
- S8011139: (reflect) Revise checking in getEnclosingClass
- S8011950: java.io.File.createTempFile enters infinite loop when passed invalid data
- S8011990: TEST_BUG: java/util/logging/bundlesearch/ResourceBundleSearchTest.java fails on Windows
- S8012243: about 30% regression on specjvm2008.serial on 7u25 comparing 7u21
- S8012453: (process) Runtime.exec(String) fails if command contains spaces [win]
- S8012617: ArrayIndexOutOfBoundsException with some fonts using LineBreakMeasurer
- S8013380: Removal of stack walk to find resource bundle breaks Glassfish startup
- S8013827: File.createTempFile hangs with temp file starting with 'com1.4'
- S8014469: (tz) Support tzdata2013c
- S8014718: Netbeans IDE begins to throw a lot exceptions since 7u25 b10
- S8014745: Provide a switch to allow stack walk search of resource bundle
- S8015144: Performance regression in ICU OpenType Layout library
- S8015965: (process) Typo in name of property to allow ambiguous commands
- S8015978: Incorrect transformation of XPath expression "string(-0)"
- S8016357: Update hotspot diagnostic class
- S8017566: Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl
- S8019584: javax/management/remote/mandatory/loading/MissingClassTest.java failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null
- S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes
- S8019979: Replace CheckPackageAccess test with better one from closed repo
- S8020054: (tz) Support tzdata2013d
- S8020983, RH976897: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances
- S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris
- S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing
- S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01
- S8021933: Add extra check for fix # JDK-8014530
- S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log.
- S8022661: InetAddress.writeObject() performs flush() on object output stream
- S8022682: Supporting XOM
- S8023964: java/io/IOException/LastErrorString.java should be @ignore-d
- S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp
- S8025128: File.createTempFile fails if prefix is absolute path
- S8025255: (tz) Support tzdata2013g
- OJ19: Fix test cases from 8010118 to work with OpenJDK 6
- OJ20: Resolve merge issues with JAXP security fixes
- OJ21: Remove @Override annotation added on interface by 2013/10/15 security fixes

Bug fixes:

- PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel.
- RH995488: Java thinks that the default timezone is Busingen instead of Zurich
- D729448: 32-bit alignment on mips and mipsel


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-176

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.7-45.1
java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.7-45.1


References:

http://support.novell.com/security/cve/CVE-2013-3829.html
http://support.novell.com/security/cve/CVE-2013-4002.html
http://support.novell.com/security/cve/CVE-2013-5772.html
http://support.novell.com/security/cve/CVE-2013-5774.html
http://support.novell.com/security/cve/CVE-2013-5778.html
http://support.novell.com/security/cve/CVE-2013-5780.html
http://support.novell.com/security/cve/CVE-2013-5782.html
http://support.novell.com/security/cve/CVE-2013-5783.html
http://support.novell.com/security/cve/CVE-2013-5784.html
http://support.novell.com/security/cve/CVE-2013-5790.html
http://support.novell.com/security/cve/CVE-2013-5797.html
http://support.novell.com/security/cve/CVE-2013-5802.html
http://support.novell.com/security/cve/CVE-2013-5803.html
http://support.novell.com/security/cve/CVE-2013-5804.html
http://support.novell.com/security/cve/CVE-2013-5809.html
http://support.novell.com/security/cve/CVE-2013-5814.html
http://support.novell.com/security/cve/CVE-2013-5817.html
http://support.novell.com/security/cve/CVE-2013-5820.html
http://support.novell.com/security/cve/CVE-2013-5823.html
http://support.novell.com/security/cve/CVE-2013-5825.html
http://support.novell.com/security/cve/CVE-2013-5829.html
http://support.novell.com/security/cve/CVE-2013-5830.html
http://support.novell.com/security/cve/CVE-2013-5840.html
http://support.novell.com/security/cve/CVE-2013-5842.html
http://support.novell.com/security/cve/CVE-2013-5849.html
http://support.novell.com/security/cve/CVE-2013-5850.html
http://support.novell.com/security/cve/CVE-2013-5851.html

