openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0)
fixes the following issues :

Security issues fixed :

- CVE-2017-10053: Improved image post-processing steps

- CVE-2017-10067: Additional jar validation steps

- CVE-2017-10074: Image conversion improvements

- CVE-2017-10078: Better script accessibility for
JavaScript (bsc#1049308)

- CVE-2017-10081: Right parenthesis issue (bsc#1049309)

- CVE-2017-10086: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049310)

- CVE-2017-10087: Better Thread Pool execution

- CVE-2017-10089: Service Registration Lifecycle

- CVE-2017-10090: Better handling of channel groups

- CVE-2017-10096: Transform Transformer Exceptions

- CVE-2017-10101: Better reading of text catalogs

- CVE-2017-10102: Improved garbage collection

- CVE-2017-10105: Unspecified vulnerability in
subcomponent deployment (bsc#1049317)

- CVE-2017-10107: Less Active Activations (bsc#1049318)

- CVE-2017-10108: Better naming attribution (bsc#1049319)

- CVE-2017-10109: Better sourcing of code (bsc#1049320)

- CVE-2017-10110: Better image fetching (bsc#1049321)

- CVE-2017-10111: Rearrange MethodHandle arrangements

- CVE-2017-10114: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049323)

- CVE-2017-10115: Higher quality DSA operations

- CVE-2017-10116: Proper directory lookup processing

- CVE-2017-10118: Higher quality ECDSA operations

- CVE-2017-10125: Unspecified vulnerability in
subcomponent deployment (bsc#1049327)

- CVE-2017-10135: Better handling of PKCS8 material

- CVE-2017-10176: Additional elliptic curve support

- CVE-2017-10193: Improve algorithm constraints
implementation (bsc#1049330)

- CVE-2017-10198: Clear certificate chain connections

- CVE-2017-10243: Unspecified vulnerability in
subcomponent JAX-WS (bsc#1049332)

Bug fixes :

- Check registry registration location

- Improved certificate processing

- JMX diagnostic improvements

- Update to libpng 1.6.28

- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features :

- Support using RSAandMGF1 with the SHA hash algorithms in
the PKCS11 provider

This update was imported from the SUSE:SLE-12-SP1:Update update

See also :

Solution :

Update the affected java-1_8_0-openjdk packages.

Risk factor :

Medium / CVSS Base Score : 6.8