Security update for java-1_7_0-openjdk

SUSE Security Update: Security update for java-1_7_0-openjdk
Announcement ID: SUSE-SU-2018:0005-1
Rating: important
References: #1049305 #1049306 #1049307 #1049309 #1049310 #1049311 #1049312 #1049313 #1049314 #1049315 #1049316 #1049317 #1049318 #1049319 #1049320 #1049321 #1049322 #1049323 #1049324 #1049325 #1049326 #1049327 #1049328 #1049329 #1049330 #1049331 #1049332 #1052318 #1064071 #1064072 #1064073 #1064075 #1064077 #1064078 #1064079 #1064080 #1064081 #1064082 #1064083 #1064084 #1064085 #1064086
Affected Products:
  • SUSE OpenStack Cloud 6
  • SUSE Linux Enterprise Server for SAP 12-SP1
  • SUSE Linux Enterprise Server for SAP 12
  • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Server 12-SP3
  • SUSE Linux Enterprise Server 12-SP2
  • SUSE Linux Enterprise Server 12-SP1-LTSS
  • SUSE Linux Enterprise Server 12-LTSS
  • SUSE Linux Enterprise Desktop 12-SP3
  • SUSE Linux Enterprise Desktop 12-SP2

An update that fixes 46 vulnerabilities is now available.

    Description:

    This update for java-1_7_0-openjdk fixes the following issues:

    Security issues fixed:

    - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
    - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO
    (bsc#1064071).
    - CVE-2017-10281: Fix issue inside subcomponent Serialization
    (bsc#1064072).
    - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
    - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
    - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
    - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
    - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
    - CVE-2017-10347: Fix issue inside subcomponent Serialization
    (bsc#1064079).
    - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
    - CVE-2017-10345: Fix issue inside subcomponent Serialization
    (bsc#1064077).
    - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
    - CVE-2017-10357: Fix issue inside subcomponent Serialization
    (bsc#1064085).
    - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
    - CVE-2017-10102: Fix incorrect handling of references in DGC
    (bsc#1049316).
    - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader
    (bsc#1049305).
    - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest
    (bsc#1049306).
    - CVE-2017-10081: Fix incorrect bracket processing in function signature
    handling (bsc#1049309).
    - CVE-2017-10087: Fix insufficient access control checks in
    ThreadPoolExecutor (bsc#1049311).
    - CVE-2017-10089: Fix insufficient access control checks in
    ServiceRegistry (bsc#1049312).
    - CVE-2017-10090: Fix insufficient access control checks in
    AsynchronousChannelGroupImpl (bsc#1049313).
    - CVE-2017-10096: Fix insufficient access control checks in XML
    transformations (bsc#1049314).
    - CVE-2017-10101: Fix unrestricted access to
    com.sun.org.apache.xml.internal.resolver (bsc#1049315).
    - CVE-2017-10107: Fix insufficient access control checks in ActivationID
    (bsc#1049318).
    - CVE-2017-10074: Fix integer overflows in range check loop predicates
    (bsc#1049307).
    - CVE-2017-10110: Fix insufficient access control checks in ImageWatched
    (bsc#1049321).
    - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute
    deserialization (bsc#1049319).
    - CVE-2017-10109: Fix unbounded memory allocation in CodeSource
    deserialization (bsc#1049320).
    - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE
    (bsc#1049324).
    - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).
    - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL
    (bsc#1049325).
    - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).
    - CVE-2017-10176: Fix incorrect handling of certain EC points
    (bsc#1049329).
    - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).
    - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS
    (bsc#1049332).
    - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment
    (bsc#1049327).
    - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX
    (bsc#1049323).
    - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment
    (bsc#1049317).
    - CVE-2017-10086: Fix unspecified vulnerability in subcomponent JavaFX
    (bsc#1049310).
    - CVE-2017-10198: Fix incorrect enforcement of certificate path
    restrictions (bsc#1049331).
    - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

    Bug fixes:

    - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec
    Shield is gone (bsc#1052318).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2018-6=1
    • SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-6=1
    • SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2018-6=1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-6=1
    • SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-6=1
    • SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-6=1
    • SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-6=1
    • SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2018-6=1
    • SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-6=1
    • SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-6=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE OpenStack Cloud 6 (x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server for SAP 12 (x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
    • SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      • java-1_7_0-openjdk-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-1.7.0.161-43.7.6
      • java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
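
    Post-patch check (an added example, not part of the SUSE announcement): the script below lists any java-1_7_0-openjdk package still older than the fixed build 1.7.0.161-43.7.6 from the Package List. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag java-1_7_0-openjdk packages that are older than the
# fixed build named in this advisory's Package List.
FIXED_EVR="1.7.0.161-43.7.6"   # version-release taken from the Package List

# is_older A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering approximates RPM version comparison,
# which is adequate for these purely numeric version strings.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_openjdk: read "NAME VERSION-RELEASE" lines on stdin and print every
# java-1_7_0-openjdk* package that is still below FIXED_EVR.
audit_openjdk() {
    while read -r name evr; do
        case "$name" in
            java-1_7_0-openjdk*) ;;   # package family covered by the update
            *) continue ;;            # anything else is out of scope
        esac
        if is_older "$evr" "$FIXED_EVR"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory (not real host data). The 1.7.0.99 entry
# shows why a plain string comparison would be wrong: "99" > "161" as text.
sample_inventory() {
    cat <<'EOF'
java-1_7_0-openjdk 1.7.0.151-43.4.1
java-1_7_0-openjdk-headless 1.7.0.161-43.7.6
java-1_7_0-openjdk-devel 1.7.0.99-40.1.2
java-1_8_0-openjdk 1.8.0.131-26.3
bash 4.3-83.5.2
EOF
}

# On a live host, feed the real inventory instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1_7_0-openjdk*' | audit_openjdk
sample_inventory | audit_openjdk
```

    Empty output means every installed java-1_7_0-openjdk package is at or above the fixed build.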

    References: