SUSE 5151 Published by

Updated java-1_8_0-openjdk packages has been released for SUSE OpenStack Cloud and SUSE Linux Enterprise Desktop/Server



SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2175-1
Rating: important
References: #1049302 #1049305 #1049306 #1049307 #1049308
#1049309 #1049310 #1049311 #1049312 #1049313
#1049314 #1049315 #1049316 #1049317 #1049318
#1049319 #1049320 #1049321 #1049322 #1049323
#1049324 #1049325 #1049326 #1049327 #1049328
#1049329 #1049330 #1049331 #1049332
Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074
CVE-2017-10078 CVE-2017-10081 CVE-2017-10086
CVE-2017-10087 CVE-2017-10089 CVE-2017-10090
CVE-2017-10096 CVE-2017-10101 CVE-2017-10102
CVE-2017-10105 CVE-2017-10107 CVE-2017-10108
CVE-2017-10109 CVE-2017-10110 CVE-2017-10111
CVE-2017-10114 CVE-2017-10115 CVE-2017-10116
CVE-2017-10118 CVE-2017-10125 CVE-2017-10135
CVE-2017-10176 CVE-2017-10193 CVE-2017-10198
CVE-2017-10243
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves 28 vulnerabilities and has one errata
is now available.

Description:

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes
the following issues:

Security issues fixed:
- CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
- CVE-2017-10067: Additional jar validation steps (bsc#1049306)
- CVE-2017-10074: Image conversion improvements (bsc#1049307)
- CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
- CVE-2017-10081: Right parenthesis issue (bsc#1049309)
- CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX
(bsc#1049310)
- CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
- CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
- CVE-2017-10090: Better handling of channel groups (bsc#1049313)
- CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
- CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
- CVE-2017-10102: Improved garbage collection (bsc#1049316)
- CVE-2017-10105: Unspecified vulnerability in subcomponent deployment
(bsc#1049317)
- CVE-2017-10107: Less Active Activations (bsc#1049318)
- CVE-2017-10108: Better naming attribution (bsc#1049319)
- CVE-2017-10109: Better sourcing of code (bsc#1049320)
- CVE-2017-10110: Better image fetching (bsc#1049321)
- CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
- CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX
(bsc#1049323)
- CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
- CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
- CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
- CVE-2017-10125: Unspecified vulnerability in subcomponent deployment
(bsc#1049327)
- CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
- CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
- CVE-2017-10193: Improve algorithm constraints implementation
(bsc#1049330)
- CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
- CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS
(bsc#1049332)

Bug fixes:
- Check registry registration location
- Improved certificate processing
- JMX diagnostic improvements
- Update to libpng 1.6.28
- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features:
- Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11
provider


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1

- SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1

- SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1

- SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1

- SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1

- SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE OpenStack Cloud 6 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

java-1_8_0-openjdk-1.8.0.144-27.5.3
java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3


References:

https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10078.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10086.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10114.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10118.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10135.html
https://www.suse.com/security/cve/CVE-2017-10176.html
https://www.suse.com/security/cve/CVE-2017-10193.html
https://www.suse.com/security/cve/CVE-2017-10198.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://bugzilla.suse.com/1049302
https://bugzilla.suse.com/1049305
https://bugzilla.suse.com/1049306
https://bugzilla.suse.com/1049307
https://bugzilla.suse.com/1049308
https://bugzilla.suse.com/1049309
https://bugzilla.suse.com/1049310
https://bugzilla.suse.com/1049311
https://bugzilla.suse.com/1049312
https://bugzilla.suse.com/1049313
https://bugzilla.suse.com/1049314
https://bugzilla.suse.com/1049315
https://bugzilla.suse.com/1049316
https://bugzilla.suse.com/1049317
https://bugzilla.suse.com/1049318
https://bugzilla.suse.com/1049319
https://bugzilla.suse.com/1049320
https://bugzilla.suse.com/1049321
https://bugzilla.suse.com/1049322
https://bugzilla.suse.com/1049323
https://bugzilla.suse.com/1049324
https://bugzilla.suse.com/1049325
https://bugzilla.suse.com/1049326
https://bugzilla.suse.com/1049327
https://bugzilla.suse.com/1049328
https://bugzilla.suse.com/1049329
https://bugzilla.suse.com/1049330
https://bugzilla.suse.com/1049331
https://bugzilla.suse.com/1049332
  Java-1_8_0-openjdk Update for SUSE Linux Enterprise and OpenStack Cloud