openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-662)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for java-1_8_0-openjdk fixes the following issues :

- Upgrade to version jdk8u131 (icedtea 3.4.0) -
bsc#1034849

- Security fixes

- S8163520, CVE-2017-3509: Reuse cache entries

- S8163528, CVE-2017-3511: Better library loading

- S8165626, CVE-2017-3512: Improved window framing

- S8167110, CVE-2017-3514: Windows peering issue

- S8168699: Validate special case invocations

- S8169011, CVE-2017-3526: Resizing XML parse trees

- S8170222, CVE-2017-3533: Better transfers of files

- S8171121, CVE-2017-3539: Enhancing jar checking

- S8171533, CVE-2017-3544: Better email transfer

- S8172299: Improve class processing

- New features

- PR1969: Add AArch32 JIT port

- PR3297: Allow Shenandoah to be used on AArch64

- PR3340: jstack.stp should support AArch64

- Import of OpenJDK 8 u131 build 11

- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException

- S6515172, PR3346: Runtime.availableProcessors() ignores
Linux taskset command

- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja
va hangs on win 64 bit with jdk8

- S7167293: FtpURLConnection connection leak on
FileNotFoundException

- S8035568: [macosx] Cursor management unification

- S8079595: Resizing dialog which is JWindow parent makes
JVM crash

- S8130769: The new menu can't be shown on the menubar
after clicking the 'Add' button.

- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java
test fails with NullPointerException

- S8147842: IME Composition Window is displayed at
incorrect location

- S8147910, PR3346: Cache initial active_processor_count

- S8150490: Update OS detection code to recognize Windows
Server 2016

- S8160951: [TEST_BUG]
javax/xml/bind/marshal/8134111/UnmarshalTest.java should
be added into :needs_jre group

- S8160958: [TEST_BUG]
java/net/SetFactoryPermission/SetFactoryPermission.java
should be added into :needs_compact2 group

- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints
is enabled

- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java

- S8161993, PR3346: G1 crashes if active_processor_count
changes during startup

- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently

- S8162916: Test sun/security/krb5/auto/UnboundSSL.java
fails

- S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with 'Error while cleaning up threads after test'

- S8167179: Make XSL generated namespace prefixes local to
transformation process

- S8168774: Polymorhic signature method check crashes
javac

- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections

- S8169589: [macosx] Activating a JDialog puts to back
another dialog

- S8170307: Stack size option -Xss is ignored

- S8170316: (tz) Support tzdata2016j

- S8170814: Reuse cache entries (part II)

- S8170888, PR3314, RH1284948: [linux] Experimental
support for cgroup memory limits in container (ie
Docker) environments

- S8171388: Update JNDI Thread contexts

- S8171949: [macosx] AWT_ZoomFrame Automated tests fail
with error: The bitwise mask Frame.ICONIFIED is not
setwhen the frame is in ICONIFIED state

- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele
ssDialog test fails as DummyButton on Dialog did not
gain focus when 	 clicked.

- S8173030: Temporary backout fix #8035568 from 8u131-b03

- S8173031: Temporary backout fix #8171952 from 8u131-b03

- S8173783, PR3328: IllegalArgumentException:
jdk.tls.namedGroups

- S8173931: 8u131 L10n resource file update

- S8174844: Incorrect GPL header causes RE script to miss
swap to commercial header for licensee source bundle

- S8174985: NTLM authentication doesn't work with IIS if
NTLM cache is disabled

- S8176044: (tz) Support tzdata2017a

- Backports

- S6457406, PR3335: javadoc doesn't handle <a
href='http://...'> properly in producing index pages

- S8030245, PR3335: Update langtools to use
try-with-resources and multi-catch

- S8030253, PR3335: Update langtools to use
strings-in-switch

- S8030262, PR3335: Update langtools to use foreach loops

- S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/Basic.java
fails intermittently

- S8031625, PR3335: javadoc problems referencing inner
class constructors

- S8031649, PR3335: Clean up javadoc tests

- S8031670, PR3335: Remove unneeded -source options in
javadoc tests

- S8032066, PR3335: Serialized form has broken links to
non private inner classes of package private

- S8034174, PR2290: Remove use of JVM_* functions from
java.net code

- S8034182, PR2290: Misc. warnings in java.net code

- S8035876, PR2290: AIX build issues after '8034174:
Remove use of JVM_* functions from java.net code'

- S8038730, PR3335: Clean up the way JavadocTester is
invoked, and checks for errors.

- S8040903, PR3335: Clean up use of BUG_ID in javadoc
tests

- S8040904, PR3335: Ensure javadoc tests do not overwrite
results within tests

- S8040908, PR3335: javadoc test TestDocEncoding should
use

-notimestamp

- S8041150, PR3335: Avoid silly use of static methods in
JavadocTester

- S8041253, PR3335: Avoid redundant synonyms of NO_TEST

- S8043780, PR3368: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)

- S8061305, PR3335: Javadoc crashes when method name ends
with 'Property'

- S8072452, PR3337: Support DHE sizes up to 8192-bits and
DSA sizes up to 3072-bits

- S8075565, PR3337: Define @intermittent jtreg keyword and
mark intermittently failing jdk tests

- S8075670, PR3337: Remove intermittent keyword from some
tests

- S8078334, PR3337: Mark regression tests using randomness

- S8078880, PR3337: Mark a few more intermittently
failuring security-libs

- S8133318, PR3337: Exclude intermittent failing PKCS11
tests on Solaris SPARC 11.1 and earlier

- S8144539, PR3337: Update PKCS11 tests to run with
security manager

- S8144566, PR3352: Custom HostnameVerifier disables SNI
extension

- S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak:
GlobalRefs never deleted when processing invokeMethod
command

- S8155049, PR3352: New tests from 8144566 fail with 'No
expected Server Name Indication'

- S8173941, PR3326: SA does not work if executable is DSO

- S8174164, PR3334, RH1417266:
SafePointNode::_replaced_nodes breaks with irreducible
loops

- S8174729, PR3336, RH1420518: Race Condition in
java.lang.reflect.WeakCache

- S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix
missed the test

- Bug fixes

- PR3348: Architectures unsupported by SystemTap tapsets
throw a parse error

- PR3378: Perl should be mandatory

- PR3389: javac.in and javah.in should use @[email protected] rather
than a hardcoded path

- AArch64 port

- S8168699, PR3372: Validate special case invocations
[AArch64 support]

- S8170100, PR3372: AArch64: Crash in C1-compiled code
accessing References

- S8172881, PR3372: AArch64: assertion failure: the int
pressure is incorrect

- S8173472, PR3372: AArch64: C1 comparisons with null only
use 32-bit instructions

- S8177661, PR3372: Correct ad rule output register types
from iRegX to iRegXNoSp

- AArch32 port

- PR3380: Zero should not be enabled by default on arm
with the AArch32 HotSpot build

- PR3384, S8139303, S8167584: Add support for AArch32
architecture to configure and jdk makefiles

- PR3385: aarch32 does not support -Xshare:dump

- PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build

- PR3387: Installation fails on arm with AArch32 port as
INSTALL_ARCH_DIR is arm, not aarch32

- PR3388: Wrong path for jvm.cfg being used on arm with
AArch32 build

- Shenandoah

- Fix Shenandoah argument checking on 32bit builds.

- Import from Shenandoah tag
aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07
-25

- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02
-20

- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-06

- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-09

- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-23

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

http://...'
https://bugzilla.opensuse.org/show_bug.cgi?id=1034849

Solution :

Update the affected java-1_8_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 100707 ()

Bugtraq ID:

CVE ID: CVE-2017-3509
CVE-2017-3511
CVE-2017-3512
CVE-2017-3514
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now