openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0)
fixes the following issues :

Security issues fixed :

- CVE-2017-10053: Improved image post-processing steps
(bsc#1049305)

- CVE-2017-10067: Additional jar validation steps
(bsc#1049306)

- CVE-2017-10074: Image conversion improvements
(bsc#1049307)

- CVE-2017-10078: Better script accessibility for
JavaScript (bsc#1049308)

- CVE-2017-10081: Right parenthesis issue (bsc#1049309)

- CVE-2017-10086: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049310)

- CVE-2017-10087: Better Thread Pool execution
(bsc#1049311)

- CVE-2017-10089: Service Registration Lifecycle
(bsc#1049312)

- CVE-2017-10090: Better handling of channel groups
(bsc#1049313)

- CVE-2017-10096: Transform Transformer Exceptions
(bsc#1049314)

- CVE-2017-10101: Better reading of text catalogs
(bsc#1049315)

- CVE-2017-10102: Improved garbage collection
(bsc#1049316)

- CVE-2017-10105: Unspecified vulnerability in
subcomponent deployment (bsc#1049317)

- CVE-2017-10107: Less Active Activations (bsc#1049318)

- CVE-2017-10108: Better naming attribution (bsc#1049319)

- CVE-2017-10109: Better sourcing of code (bsc#1049320)

- CVE-2017-10110: Better image fetching (bsc#1049321)

- CVE-2017-10111: Rearrange MethodHandle arrangements
(bsc#1049322)

- CVE-2017-10114: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049323)

- CVE-2017-10115: Higher quality DSA operations
(bsc#1049324)

- CVE-2017-10116: Proper directory lookup processing
(bsc#1049325)

- CVE-2017-10118: Higher quality ECDSA operations
(bsc#1049326)

- CVE-2017-10125: Unspecified vulnerability in
subcomponent deployment (bsc#1049327)

- CVE-2017-10135: Better handling of PKCS8 material
(bsc#1049328)

- CVE-2017-10176: Additional elliptic curve support
(bsc#1049329)

- CVE-2017-10193: Improve algorithm constraints
implementation (bsc#1049330)

- CVE-2017-10198: Clear certificate chain connections
(bsc#1049331)

- CVE-2017-10243: Unspecified vulnerability in
subcomponent JAX-WS (bsc#1049332)

Bug fixes :

- Check registry registration location

- Improved certificate processing

- JMX diagnostic improvements

- Update to libpng 1.6.28

- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features :

- Support using RSAandMGF1 with the SHA hash algorithms in
the PKCS11 provider

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1049302
https://bugzilla.opensuse.org/show_bug.cgi?id=1049305
https://bugzilla.opensuse.org/show_bug.cgi?id=1049306
https://bugzilla.opensuse.org/show_bug.cgi?id=1049307
https://bugzilla.opensuse.org/show_bug.cgi?id=1049308
https://bugzilla.opensuse.org/show_bug.cgi?id=1049309
https://bugzilla.opensuse.org/show_bug.cgi?id=1049310
https://bugzilla.opensuse.org/show_bug.cgi?id=1049311
https://bugzilla.opensuse.org/show_bug.cgi?id=1049312
https://bugzilla.opensuse.org/show_bug.cgi?id=1049313
https://bugzilla.opensuse.org/show_bug.cgi?id=1049314
https://bugzilla.opensuse.org/show_bug.cgi?id=1049315
https://bugzilla.opensuse.org/show_bug.cgi?id=1049316
https://bugzilla.opensuse.org/show_bug.cgi?id=1049317
https://bugzilla.opensuse.org/show_bug.cgi?id=1049318
https://bugzilla.opensuse.org/show_bug.cgi?id=1049319
https://bugzilla.opensuse.org/show_bug.cgi?id=1049320
https://bugzilla.opensuse.org/show_bug.cgi?id=1049321
https://bugzilla.opensuse.org/show_bug.cgi?id=1049322
https://bugzilla.opensuse.org/show_bug.cgi?id=1049323
https://bugzilla.opensuse.org/show_bug.cgi?id=1049324
https://bugzilla.opensuse.org/show_bug.cgi?id=1049325
https://bugzilla.opensuse.org/show_bug.cgi?id=1049326
https://bugzilla.opensuse.org/show_bug.cgi?id=1049327
https://bugzilla.opensuse.org/show_bug.cgi?id=1049328
https://bugzilla.opensuse.org/show_bug.cgi?id=1049329
https://bugzilla.opensuse.org/show_bug.cgi?id=1049330
https://bugzilla.opensuse.org/show_bug.cgi?id=1049331
https://bugzilla.opensuse.org/show_bug.cgi?id=1049332

Solution :

Update the affected java-1_8_0-openjdk packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)