SuSE: 2018:0005-1: important: java-1_7_0-openjdk
Summary
This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes: - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-6=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-6=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2018-6=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-6=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-6=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-6=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-6=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-6=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-6=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-6=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-1.7.0.161-43.7.6 java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-1.7.0.161-43.7.6 java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_7_0-openjdk-1.7.0.161-43.7.6 java-1_7_0-openjdk-debuginfo-1.7.0.161-43.7.6 java-1_7_0-openjdk-debugsource-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-1.7.0.161-43.7.6 java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-43.7.6
References
#1049305 #1049306 #1049307 #1049309 #1049310
#1049311 #1049312 #1049313 #1049314 #1049315
#1049316 #1049317 #1049318 #1049319 #1049320
#1049321 #1049322 #1049323 #1049324 #1049325
#1049326 #1049327 #1049328 #1049329 #1049330
#1049331 #1049332 #1052318 #1064071 #1064072
#1064073 #1064075 #1064077 #1064078 #1064079
#1064080 #1064081 #1064082 #1064083 #1064084
#1064085 #1064086
Cross- CVE-2016-10165 CVE-2016-9840 CVE-2016-9841
CVE-2016-9842 CVE-2016-9843 CVE-2017-10053
CVE-2017-10067 CVE-2017-10074 CVE-2017-10081
CVE-2017-10086 CVE-2017-10087 CVE-2017-10089
CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
CVE-2017-10111 CVE-2017-10114 CVE-2017-10115
CVE-2017-10116 CVE-2017-10118 CVE-2017-10125
CVE-2017-10135 CVE-2017-10176 CVE-2017-10193
CVE-2017-10198 CVE-2017-10243 CVE-2017-10274
CVE-2017-10281 CVE-2017-10285 CVE-2017-10295
CVE-2017-10345 CVE-2017-10346 CVE-2017-10347
CVE-2017-10348 CVE-2017-10349 CVE-2017-10350
CVE-2017-10355 CVE-2017-10356 CVE-2017-10357
CVE-2017-10388
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
https://www.suse.com/security/cve/CVE-2016-10165.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10086.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10114.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10118.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10135.html
https://www.suse.com/security/cve/CVE-2017-10176.html
https://www.suse.com/security/cve/CVE-2017-10193.html
https://www.suse.com/security/cve/CVE-2017-10198.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://www.suse.com/security/cve/CVE-2017-10274.html
https://www.suse.com/security/cve/CVE-2017-10281.html
https://www.suse.com/security/cve/CVE-2017-10285.html
https://www.suse.com/security/cve/CVE-2017-10295.html
https://www.suse.com/security/cve/CVE-2017-10345.html
https://www.suse.com/security/cve/CVE-2017-10346.html
https://www.suse.com/security/cve/CVE-2017-10347.html
https://www.suse.com/security/cve/CVE-2017-10348.html
https://www.suse.com/security/cve/CVE-2017-10349.html
https://www.suse.com/security/cve/CVE-2017-10350.html
https://www.suse.com/security/cve/CVE-2017-10355.html
https://www.suse.com/security/cve/CVE-2017-10356.html
https://www.suse.com/security/cve/CVE-2017-10357.html
https://www.suse.com/security/cve/CVE-2017-10388.html
https://bugzilla.suse.com/1049305
https://bugzilla.suse.com/1049306
https://bugzilla.suse.com/1049307
https://bugzilla.suse.com/1049309
https://bugzilla.suse.com/1049310
https://bugzilla.suse.com/1049311
https://bugzilla.suse.com/1049312
https://bugzilla.suse.com/1049313
https://bugzilla.suse.com/1049314
https://bugzilla.suse.com/1049315
https://bugzilla.suse.com/1049316
https://bugzilla.suse.com/1049317
https://bugzilla.suse.com/1049318
https://bugzilla.suse.com/1049319
https://bugzilla.suse.com/1049320
https://bugzilla.suse.com/1049321
https://bugzilla.suse.com/1049322
https://bugzilla.suse.com/1049323
https://bugzilla.suse.com/1049324
https://bugzilla.suse.com/1049325
https://bugzilla.suse.com/1049326
https://bugzilla.suse.com/1049327
https://bugzilla.suse.com/1049328
https://bugzilla.suse.com/1049329
https://bugzilla.suse.com/1049330
https://bugzilla.suse.com/1049331
https://bugzilla.suse.com/1049332
https://bugzilla.suse.com/1052318
https://bugzilla.suse.com/1064071
https://bugzilla.suse.com/1064072
https://bugzilla.suse.com/1064073
https://bugzilla.suse.com/1064075
https://bugzilla.suse.com/1064077
https://bugzilla.suse.com/1064078
https://bugzilla.suse.com/1064079
https://bugzilla.suse.com/1064080
https://bugzilla.suse.com/1064081
https://bugzilla.suse.com/1064082
https://bugzilla.suse.com/1064083
https://bugzilla.suse.com/1064084
https://bugzilla.suse.com/1064085
https://bugzilla.suse.com/1064086