Security update for OpenJDK

SUSE Security Update: Security update for OpenJDK
Announcement ID: SUSE-SU-2014:0639-1
Rating: important
References: #873873
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP3

An update that fixes 26 vulnerabilities is now available.


    This java-1_7_0-openjdk update to version 2.4.7 fixes the following
    security and non-security issues:


    Security fixes

    o S8023046: Enhance splashscreen support
    o S8025005: Enhance CORBA initializations
    o S8025010, CVE-2014-2412: Enhance AWT contexts
    o S8025030, CVE-2014-2414: Enhance stream handling
    o S8025152, CVE-2014-0458: Enhance activation set up
    o S8026067: Enhance signed jar verification
    o S8026163, CVE-2014-2427: Enhance media provisioning
    o S8026188, CVE-2014-2423: Enhance envelope factory
    o S8026200: Enhance RowSet Factory
    o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling
    o S8026736, CVE-2014-2398: Enhance Javadoc pages
    o S8026797, CVE-2014-0451: Enhance data transfers
    o S8026801, CVE-2014-0452: Enhance endpoint addressing
    o S8027766, CVE-2014-0453: Enhance RSA processing
    o S8027775: Enhance ICU code.
    o S8027841, CVE-2014-0429: Enhance pixel manipulations
    o S8028385: Enhance RowSet Factory
    o S8029282, CVE-2014-2403: Enhance CharInfo set up
    o S8029286: Enhance subject delegation
    o S8029699: Update Poller demo
    o S8029730: Improve audio device additions
    o S8029735: Enhance service mgmt natives
    o S8029740, CVE-2014-0446: Enhance handling of loggers
    o S8029745, CVE-2014-0454: Enhance algorithm checking
    o S8029750: Enhance LCMS color processing (in-tree LCMS)
    o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)
    o S8029844, CVE-2014-0455: Enhance argument validation
    o S8029854, CVE-2014-2421: Enhance JPEG decodings
    o S8029858, CVE-2014-0456: Enhance array copies
    o S8030731, CVE-2014-0460: Improve name service robustness
    o S8031330: Refactor ObjectFactory
    o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS)
    o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)
    o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader
    o S8031395: Enhance LDAP processing
    o S8032686, CVE-2014-2413: Issues with method invoke
    o S8033618, CVE-2014-1876: Correct logging output
    o S8034926, CVE-2014-2397: Attribute classes properly
    o S8036794, CVE-2014-0461: Manage JavaScript instances


    o S8004145: New improved, ctrl-c now properly terminates mercurial processes.
    o S8007625: race with nested repos in /common/bin/
    o S8011178: improve common/bin/ python detection (MacOS)
    o S8011342: : 'python --version' not supported on older python
    o S8011350: uses non-POSIX sh features that may fail with some shells
    o S8024200: handle hg wrapper with space after #!
    o S8025796: could trigger unbuffered output from hg without complicated machinations
    o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException
    o S8031477: [macosx] Loading AWT native library fails
    o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader
    o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed

    Bug fixes

    o PR1393: JPEG support in build is broken on non-system-libjpeg builds
    o PR1726: configure fails looking for ecj.jar before even trying to find javac
    o Red Hat local: Fix for repo with path statting with / .
    o Remove unused hgforest script

    Security Issue references:

    * CVE-2014-2412
    * CVE-2014-2414
    * CVE-2014-0458
    * CVE-2014-2427
    * CVE-2014-2423
    * CVE-2014-2402
    * CVE-2014-2398
    * CVE-2014-0451
    * CVE-2014-0452
    * CVE-2014-0453
    * CVE-2014-0429
    * CVE-2014-2403
    * CVE-2014-0446
    * CVE-2014-0454
    * CVE-2013-6629
    * CVE-2014-0455
    * CVE-2014-2421
    * CVE-2014-0456
    * CVE-2014-0460
    * CVE-2014-0459
    * CVE-2013-6954
    * CVE-2014-0457
    * CVE-2014-2413
    * CVE-2014-1876
    * CVE-2014-2397
    * CVE-2014-0461

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-java-1_7_0-openjdk-9209

    To bring your system up-to-date, use "zypper patch".
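
A post-install check, added here as an example and not part of the SUSE advisory: it compares the CVE IDs listed in this announcement against a package changelog and prints any that the changelog does not mention. It assumes the installed package's changelog names the CVE IDs it fixes; the function name `missing_cves` and the sample changelog text are constructed for illustration.

```shell
#!/bin/sh
# CVE IDs from the "Security Issue references" section of this advisory (26).
ADVISORY_CVES="
CVE-2014-2412 CVE-2014-2414 CVE-2014-0458 CVE-2014-2427 CVE-2014-2423
CVE-2014-2402 CVE-2014-2398 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453
CVE-2014-0429 CVE-2014-2403 CVE-2014-0446 CVE-2014-0454 CVE-2013-6629
CVE-2014-0455 CVE-2014-2421 CVE-2014-0456 CVE-2014-0460 CVE-2014-0459
CVE-2013-6954 CVE-2014-0457 CVE-2014-2413 CVE-2014-1876 CVE-2014-2397
CVE-2014-0461
"

# missing_cves (hypothetical helper): reads changelog text on stdin and
# prints, one per line, each advisory CVE the text does not mention.
# Exit status 0 means every CVE was found, 1 means at least one is absent.
missing_cves() {
    changelog=$(cat)
    rc=0
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole word, so a longer ID such as
        # CVE-2014-04611 does not count as a mention of CVE-2014-0461.
        if ! printf '%s\n' "$changelog" | grep -qFw -- "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample standing in for the output of:
#   rpm -q --changelog java-1_7_0-openjdk
SAMPLE_CHANGELOG='- update to 2.4.7 (#873873)
  * S8025010, CVE-2014-2412: Enhance AWT contexts
  * S8025030, CVE-2014-2414: Enhance stream handling
  * S8036794, CVE-2014-0461: Manage JavaScript instances'

# Report the advisory CVEs the sample changelog leaves unmentioned.
printf '%s\n' "$SAMPLE_CHANGELOG" | missing_cves | sed 's/^/not mentioned: /'
```

On a patched system, pipe the real changelog into the function instead of the sample: `rpm -q --changelog java-1_7_0-openjdk | missing_cves`.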

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      • java-1_7_0-openjdk-
      • java-1_7_0-openjdk-demo-
      • java-1_7_0-openjdk-devel-