openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for java-1_7_0-openjdk fixes the following issues :

- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)

- Security fixes

- S8163520, CVE-2017-3509: Reuse cache entries

- S8163528, CVE-2017-3511: Better library loading

- S8165626, CVE-2017-3512: Improved window framing

- S8167110, CVE-2017-3514: Windows peering issue

- S8169011, CVE-2017-3526: Resizing XML parse trees

- S8170222, CVE-2017-3533: Better transfers of files

- S8171121, CVE-2017-3539: Enhancing jar checking

- S8171533, CVE-2017-3544: Better email transfer

- S8172299: Improve class processing

- New features

- PR3347: jstack.stp should support AArch64

- Import of OpenJDK 7 u141 build 0

- S4717864: setFont() does not update Fonts of Menus
already on screen

- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException

- S6518907: cleanup IA64 specific code in Hotspot

- S6869327: Add new C2 flag to keep safepoints in counted
loops.

- S7112912: Message 'Error occurred during initialization
of VM' on boxes with lots of RAM

- S7124213: [macosx] pack() does ignore size of a
component; doesn't on the other platforms

- S7124219: [macosx] Unable to draw images to fullscreen

- S7124552: [macosx] NullPointerException in
getBufferStrategy()

- S7148275: [macosx] setIconImages() not working correctly
(distorted icon when minimized)

- S7154841: [macosx] Popups appear behind taskbar

- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8

- S7160627: [macosx] TextArea has wrong initial size

- S7167293: FtpURLConnection connection leak on
FileNotFoundException

- S7168851: [macosx] Netbeans crashes in
CImage.nativeCreateNSImageFromArray

- S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh
failed, compile error

- S8005255: [macosx] Cleanup warnings in sun.lwawt

- S8006088: Incompatible heap size flags accepted by VM

- S8007295: Reduce number of warnings in awt classes

- S8010722: assert: failed: heap size is too big for
compressed oops

- S8011059: [macosx] Support automatic @2x images loading
on Mac OS X

- S8014058: Regression tests for 8006088

- S8014489:
tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags
jtreg tests invoke wrong class

- S8016302: Change type of the number of GC workers to
unsigned int (2)

- S8024662: gc/arguments/TestUseCompressedOopsErgo.java
does not compile.

- S8024669: Native OOME when allocating after changes to
maximum heap supporting Coops sizing on sparcv9

- S8024926: [macosx] AquaIcon HiDPI support

- S8025974: l10n for policytool

- S8027025: [macosx] getLocationOnScreen returns 0 if
parent invisible

- S8028212: Custom cursor HiDPI support

- S8028471: PPC64 (part 215): opto: Extend
ImplicitNullCheck optimization.

- S8031573: [macosx] Checkmarks of JCheckBoxMenuItems
aren't rendered in high resolution on Retina

- S8033534: [macosx] Get MultiResolution image from native
system

- S8033786: White flashing when opening Dialogs and Menus
using Nimbus with dark background

- S8035568: [macosx] Cursor management unification

- S8041734: JFrame in full screen mode leaves empty
workspace after close

- S8059803: Update use of GetVersionEx to get correct
Windows version in hs_err files

- S8066504: GetVersionEx in
java.base/windows/native/libjava/java_props_md.c might
not get correct Windows version 0

- S8079595: Resizing dialog which is JWindow parent makes
JVM crash

- S8080729: [macosx] java 7 and 8 JDialogs on multiscreen
jump to parent frame on focus

- S8130769: The new menu can't be shown on the menubar
after clicking the 'Add' button.

- S8133357: 8u65 l10n resource file translation update

- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java
test fails with NullPointerException

- S8147842: IME Composition Window is displayed at
incorrect location

- S8147910: Cache initial active_processor_count

- S8150490: Update OS detection code to recognize Windows
Server 2016

- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints
is enabled

- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java

- S8161993: G1 crashes if active_processor_count changes
during startup

- S8162603: Unrecognized VM option
'UseCountedLoopSafepoints'

- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently

- S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with 'Error while cleaning up threads after test'

- S8167179: Make XSL generated namespace prefixes local to
transformation process

- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections

- S8169589: [macosx] Activating a JDialog puts to back
another dialog

- S8170307: Stack size option -Xss is ignored

- S8170316: (tz) Support tzdata2016j

- S8170814: Reuse cache entries (part II)

- S8171388: Update JNDI Thread contexts

- S8171949: [macosx] AWT_ZoomFrame Automated tests fail
with error: The bitwise mask Frame.ICONIFIED is not
set when the frame is in ICONIFIED state

- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
test fails as DummyButton on Dialog did not
gain focus when clicked.

- S8173931: 8u131 L10n resource file update

- S8174844: Incorrect GPL header causes RE script to miss
swap to commercial header for licensee source bundle

- S8175087: [bsd] Fix build after '8024900: PPC64: Enable
new build on AIX (jdk part)'

- S8175163: [bsd] Fix build after '8005629: javac warnings
compiling java.awt.EventDispatchThread...'

- S8176044: (tz) Support tzdata2017a

- Import of OpenJDK 7 u141 build 1

- S8043723: max_heap_for_compressed_oops() declared with
size_t, but defined with uintx

- Import of OpenJDK 7 u141 build 2

- S8011123: serialVersionUID of
java.awt.dnd.InvalidDnDOperationException changed in
JDK8-b82

- Backports

- S6515172, PR3362: Runtime.availableProcessors() ignores
Linux taskset command

- S8022284, PR3209: Hide internal data structure in
PhaseCFG

- S8023003, PR3209: Cleanup the public interface to
PhaseCFG

- S8023691, PR3209: Create interface for nodes in class
Block

- S8023988, PR3209: Move local scheduling of nodes to the
CFG creation and code motion phase (PhaseCFG)

- S8043780, PR3369: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)

- S8157306, PR3209: Random infrequent NULL pointer
exceptions in javac

- S8173783, PR3329: IllegalArgumentException:
jdk.tls.namedGroups

- S8173941, PR3330: SA does not work if executable is DSO

- S8174729, PR3361: Race Condition in
java.lang.reflect.WeakCache

- Bug fixes

- PR3349: Architectures unsupported by SystemTap tapsets
throw a parse error

- PR3370: Disable ARM32 JIT by default in
jdk_generic_profile.sh

- PR3379: Perl should be mandatory

- PR3390: javac.in and javah.in should use @[email protected] rather
than a hardcoded path

- CACAO

- PR2732: Raise javadoc memory limits for CACAO again!

- AArch64 port

- S8177661, PR3367: Correct ad rule output register types
from iRegX to iRegXNoSp

- Get ecj.jar path from gcj, use the gcc variant that
provides Java to build C code to make sure jni.h is
available.

- S8167104, CVE-2017-3289: Additional class construction

- S6253144: Long narrowing conversion should describe the

- S6328537: Improve javadocs for Socket class by adding

- S6978886: javadoc shows stacktrace after print error

- S6995421: Eliminate the static dependency to

- S7027045: (doc) java/awt/Window.java has several typos
in

- S7054969: Null-check-in-finally pattern in java/security

- S7072353: JNDI libraries do not build with javac
-Xlint:all

- S7092447: Clarify the default locale used in each locale

- S7103570: AtomicIntegerFieldUpdater does not work when

- S7187144: JavaDoc for ScriptEngineFactory.getProgram()

- S8000418: javadoc should used a standard 'generated by

- S8000666: javadoc should write directly to Writer
instead of

- S8000970: break out auxiliary classes that will prevent

- S8001669: javadoc internal DocletAbortException should
set

- S8011402: Move blacklisting certificate logic from hard
code

- S8011547: Update XML Signature implementation to Apache

- S8012288: XML DSig API allows wrong tag names and extra

- S8017325: Cleanup of the javadoc <code> tag in

- S8017326: Cleanup of the javadoc <code> tag in

- S8019772: Fix doclint issues in javax.crypto and

- S8020688: Broken links in documentation at

- S8021108: Clean up doclint warnings and errors in
java.text

- S8022120: JCK test
api/javax_xml/crypto/dsig/TransformService/index_ParamMethods

- S8025409: Fix javadoc comments errors and warning
reported by

- S8026021: more fix of javadoc errors and warnings
reported by

- S8037099: [macosx] Remove all references to GC from
native

- S8038184: XMLSignature throws
StringIndexOutOfBoundsException

- S8038349: Signing XML with DSA throws Exception when key
is

- S8049244: XML Signature performance issue caused by

- S8050893: (smartcardio) Invert reset argument in tests
in

- S8059212: Modify sun/security/smartcardio manual
regression

- S8068279: (typo in the spec)

- S8068491: Update the protocol for references of

- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java
needs

- S8076369: Introduce the jdk.tls.client.protocols system

- S8139565: Restrict certificates with DSA keys less than
1024

- S8140422: Add mechanism to allow non default root CAs to
be

- S8140587: Atomic*FieldUpdaters should use
Class.isInstance

- S8149029: Secure validation of XML based digital
signature

- S8151893: Add security property to configure XML
Signature

- S8161228: URL objects with custom protocol handlers have
port

- S8163304: jarsigner -verbose -verify should print the

- S8164908: ReflectionFactory support for IIOP and custom

- S8165230: RMIConnection addNotificationListeners failing
with

- S8166393: disabledAlgorithms property should not be
strictly

- S8166591: [macos 10.12] Trackpad scrolling of text on OS
X

- S8166739: Improve extensibility of ObjectInputFilter

- S8167356: Follow up fix for jdk8 backport of 8164143.
Changes

- S8167459: Add debug output for indicating if a chosen

- S8168861: AnchorCertificates uses hardcoded password for

- S8169688: Backout (remove) MD5 from

- S8169911: Enhanced tests for jarsigner -verbose -verify
after

- S8170131: Certificates not being blocked by

- S8173854: [TEST] Update DHEKeySizing test case following

- S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef
on

- S8000351, PR3316, RH1390708: Tenuring threshold should
be

- S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak :

- S8170888, PR3316, RH1390708: [linux] Experimental
support for

- PR3318: Replace 'infinality' with 'improved font
rendering'

- PR3324: Fix NSS_LIBDIR substitution in

- S8165673, PR3320: AArch64: Fix JNI floating point
argument

+ S6604109, PR3162 :

- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to
try to directory to be specified versions of IcedTea

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1034849

Solution :

Update the affected java-1_7_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 100503

Bugtraq ID:

CVE ID: CVE-2017-3289
CVE-2017-3509
CVE-2017-3511
CVE-2017-3512
CVE-2017-3514
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544
