patchinfo - openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for java-1_8_0-openjdk

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues:

Security issues fixed:
- CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
- CVE-2017-10067: Additional jar validation steps (bsc#1049306)
- CVE-2017-10074: Image conversion improvements (bsc#1049307)
- CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
- CVE-2017-10081: Right parenthesis issue (bsc#1049309)
- CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310)
- CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
- CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
- CVE-2017-10090: Better handling of channel groups (bsc#1049313)
- CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
- CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
- CVE-2017-10102: Improved garbage collection (bsc#1049316)
- CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317)
- CVE-2017-10107: Less Active Activations (bsc#1049318)
- CVE-2017-10108: Better naming attribution (bsc#1049319)
- CVE-2017-10109: Better sourcing of code (bsc#1049320)
- CVE-2017-10110: Better image fetching (bsc#1049321)
- CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
- CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323)
- CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
- CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
- CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
- CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327)
- CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
- CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
- CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330)
- CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
- CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)

Bug fixes:
- Check registry registration location
- Improved certificate processing
- JMX diagnostic improvements
- Update to libpng 1.6.28
- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features:
- Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Submitted by Fridrich Strba (fstrba)

Fixed bugs

VUL-0: CVE-2017-10193: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect key size constraint check

VUL-0: CVE-2017-10067: java-1_8_0-openjdk,java-1_7_0-openjdk: JAR verifier incorrect handling of missing digest

VUL-0: CVE-2017-10074: java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflows in range check loop predicates

VUL-0: CVE-2017-10053: java-1_8_0-openjdk,java-1_7_0-openjdk: Reading of unprocessed image data in JPEGImageReader

[Build 20170717] Java 8 patchlevel outdataed - openQA test fails in firefox_java

VUL-0: CVE-2017-10078: java-1_8_0-openjdk: Nashorn incompletely blocking access to Java APIs

VUL-0: CVE-2017-10081: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect bracket processing in function signature handling

VUL-0: CVE-2017-10135: java-1_8_0-openjdk,java-1_7_0-openjdk: PKCS#8 implementation timing attack

VUL-0: CVE-2017-10176: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect handling of certain EC points

VUL-0: CVE-2017-10115: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JCE

VUL-0: CVE-2017-10116: java-1_8_0-openjdk,java-1_7_0-openjdk: LDAPCertStore following referrals to non-LDAP URL

VUL-0: CVE-2017-10118: java-1_8_0-openjdk,java-1_7_0-openjdk: ECDSA implementation timing attack

VUL-0: CVE-2017-10125: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent deployment

VUL-0: CVE-2017-10109: java-1_8_0-openjdk,java-1_7_0-openjdk: Unbounded memory allocation in CodeSource deserialization

VUL-0: CVE-2017-10110: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ImageWatched

VUL-0: CVE-2017-10111: java-1_8_0-openjdk: Incorrect range checks in LambdaFormEditor

VUL-0: CVE-2017-10114: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JavaFX

VUL-0: CVE-2017-10243: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JAX-WS

VUL-0: CVE-2017-10108: java-1_8_0-openjdk,java-1_7_0-openjdk: Unbounded memory allocation in BasicAttribute deserialization

VUL-0: CVE-2017-10107: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ActivationID

VUL-0: CVE-2017-10198: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect enforcement of certificate path restrictions

VUL-0: CVE-2017-10087: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ThreadPoolExecutor

VUL-0: CVE-2017-10086: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified in subcomponent JavaFX

VUL-0: CVE-2017-10090: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in AsynchronousChannelGroupImpl

VUL-0: CVE-2017-10089: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ServiceRegistry

VUL-0: CVE-2017-10101: java-1_8_0-openjdk,java-1_7_0-openjdk: Unrestricted access to com.sun.org.apache.xml.internal.resolver

VUL-0: CVE-2017-10096: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in XML transformations

VUL-0: CVE-2017-10105: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent deployment

VUL-0: CVE-2017-10102: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect handling of references in DGC

Selected Binaries

openSUSE Build Service is sponsored by