Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
patchinfo.5234
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5234
<patchinfo incident="5234"> <issue id="1049330" tracker="bnc">VUL-0: CVE-2017-10193: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect key size constraint check</issue> <issue id="1049306" tracker="bnc">VUL-0: CVE-2017-10067: java-1_8_0-openjdk,java-1_7_0-openjdk: JAR verifier incorrect handling of missing digest</issue> <issue id="1049307" tracker="bnc">VUL-0: CVE-2017-10074: java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflows in range check loop predicates</issue> <issue id="1049305" tracker="bnc">VUL-0: CVE-2017-10053: java-1_8_0-openjdk,java-1_7_0-openjdk: Reading of unprocessed image data in JPEGImageReader</issue> <issue id="1049302" tracker="bnc">[Build 20170717] Java 8 patchlevel outdataed - openQA test fails in firefox_java</issue> <issue id="1049308" tracker="bnc">VUL-0: CVE-2017-10078: java-1_8_0-openjdk: Nashorn incompletely blocking access to Java APIs</issue> <issue id="1049309" tracker="bnc">VUL-0: CVE-2017-10081: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect bracket processing in function signature handling</issue> <issue id="1049328" tracker="bnc">VUL-0: CVE-2017-10135: java-1_8_0-openjdk,java-1_7_0-openjdk: PKCS#8 implementation timing attack</issue> <issue id="1049329" tracker="bnc">VUL-0: CVE-2017-10176: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect handling of certain EC points</issue> <issue id="1049324" tracker="bnc">VUL-0: CVE-2017-10115: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JCE</issue> <issue id="1049325" tracker="bnc">VUL-0: CVE-2017-10116: java-1_8_0-openjdk,java-1_7_0-openjdk: LDAPCertStore following referrals to non-LDAP URL</issue> <issue id="1049326" tracker="bnc">VUL-0: CVE-2017-10118: java-1_8_0-openjdk,java-1_7_0-openjdk: ECDSA implementation timing attack</issue> <issue id="1049327" tracker="bnc">VUL-0: CVE-2017-10125: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent deployment</issue> <issue id="1049320" tracker="bnc">VUL-0: CVE-2017-10109: java-1_8_0-openjdk,java-1_7_0-openjdk: Unbounded memory allocation in CodeSource deserialization</issue> <issue id="1049321" tracker="bnc">VUL-0: CVE-2017-10110: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ImageWatched</issue> <issue id="1049322" tracker="bnc">VUL-0: CVE-2017-10111: java-1_8_0-openjdk: Incorrect range checks in LambdaFormEditor</issue> <issue id="1049323" tracker="bnc">VUL-0: CVE-2017-10114: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JavaFX</issue> <issue id="1049332" tracker="bnc">VUL-0: CVE-2017-10243: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent JAX-WS</issue> <issue id="1049319" tracker="bnc">VUL-0: CVE-2017-10108: java-1_8_0-openjdk,java-1_7_0-openjdk: Unbounded memory allocation in BasicAttribute deserialization</issue> <issue id="1049318" tracker="bnc">VUL-0: CVE-2017-10107: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ActivationID</issue> <issue id="1049331" tracker="bnc">VUL-0: CVE-2017-10198: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect enforcement of certificate path restrictions</issue> <issue id="1049311" tracker="bnc">VUL-0: CVE-2017-10087: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ThreadPoolExecutor</issue> <issue id="1049310" tracker="bnc">VUL-0: CVE-2017-10086: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified in subcomponent JavaFX</issue> <issue id="1049313" tracker="bnc">VUL-0: CVE-2017-10090: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in AsynchronousChannelGroupImpl</issue> <issue id="1049312" tracker="bnc">VUL-0: CVE-2017-10089: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in ServiceRegistry</issue> <issue id="1049315" tracker="bnc">VUL-0: CVE-2017-10101: java-1_8_0-openjdk,java-1_7_0-openjdk: Unrestricted access to com.sun.org.apache.xml.internal.resolver</issue> <issue id="1049314" tracker="bnc">VUL-0: CVE-2017-10096: java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient access control checks in XML transformations</issue> <issue id="1049317" tracker="bnc">VUL-0: CVE-2017-10105: java-1_8_0-openjdk,java-1_7_0-openjdk: Unspecified vulnerability in subcomponent deployment</issue> <issue id="1049316" tracker="bnc">VUL-0: CVE-2017-10102: java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect handling of references in DGC</issue> <issue id="2017-10198" tracker="cve" /> <issue id="2017-10053" tracker="cve" /> <issue id="2017-10176" tracker="cve" /> <issue id="2017-10193" tracker="cve" /> <issue id="2017-10096" tracker="cve" /> <issue id="2017-10090" tracker="cve" /> <issue id="2017-10107" tracker="cve" /> <issue id="2017-10105" tracker="cve" /> <issue id="2017-10102" tracker="cve" /> <issue id="2017-10101" tracker="cve" /> <issue id="2017-10125" tracker="cve" /> <issue id="2017-10109" tracker="cve" /> <issue id="2017-10108" tracker="cve" /> <issue id="2017-10067" tracker="cve" /> <issue id="2017-10086" tracker="cve" /> <issue id="2017-10087" tracker="cve" /> <issue id="2017-10081" tracker="cve" /> <issue id="2017-10089" tracker="cve" /> <issue id="2017-10135" tracker="cve" /> <issue id="2017-10110" tracker="cve" /> <issue id="2017-10111" tracker="cve" /> <issue id="2017-10078" tracker="cve" /> <issue id="2017-10114" tracker="cve" /> <issue id="2017-10115" tracker="cve" /> <issue id="2017-10116" tracker="cve" /> <issue id="2017-10118" tracker="cve" /> <issue id="2017-10243" tracker="cve" /> <issue id="2017-10074" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>fstrba</packager> <description>This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider </description> <summary>Security update for java-1_8_0-openjdk</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor