SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for java-1_7_0-openjdk fixes the following issues :

- Update to 2.6.7 - OpenJDK 7u111

- Security fixes

- S8079718, CVE-2016-3458: IIOP Input Stream Hooking

- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)

- S8147771: Construction of static protection domains
under Javax custom policy

- S8148872, CVE-2016-3500: Complete name checking

- S8149962, CVE-2016-3508: Better delineation of XML
processing (bsc#989731)

- S8150752: Share Class Data

- S8151925: Font reference improvements

- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

- S8155981, CVE-2016-3606: Bolster bytecode verification

- S8155985, CVE-2016-3598: Persistent Parameter Processing

- S8158571, CVE-2016-3610: Additional method handle
validation (bsc#989725)

- CVE-2016-3511 (bsc#989727)

- CVE-2016-3503 (bsc#989728)

- CVE-2016-3498 (bsc#989729)

- Import of OpenJDK 7 u111 build 0

- S6953295: Move few{util, x509, pkcs}
classes used by keytool/jarsigner to another package

- S7060849: Eliminate pack200 build warnings

- S7064075: Security libraries don't build with javac

-Xlint:all,-deprecation -Werror

- S7069870: Parts of the JDK erroneously rely on generic
array initializers with diamond

- S7102686: Restructure timestamp code so that jars and
modules can more easily share the same code

- S7105780: Add SSLSocket client/SSLEngine server to
templates directory

- S7142339: is needlessly creating SHA1PRNG
SecureRandom instances when timestamping is not done

- S7152582: PKCS11 tests should use the NSS libraries
available in the OS

- S7192202: Make sure keytool prints both unknown and
unparseable extensions

- S7194449: String resources for Key Tool and Policy Tool
should be in their respective packages

- S7196855: fails on ubuntu because not found

- S7200682: TEST_BUG: keytool/ still has
problems with

- S8002306: (se) fails if invoked with
thread interrupt status set [win]

- S8009636: JARSigner including TimeStamp PolicyID
(TSAPolicyID) as defined in RFC3161

- S8019341: Update CookieHttpsClientTest to use the newer

- S8022228: Intermittent test failures in

- S8022439: Fix lint warnings in

- S8022594: Potential deadlock in <clinit> of

- S8023546: sun/security/mscapi/ fails

- S8036612: [parfait] JNI exception pending in

- S8037557: test timeout

- S8038837: Add support to jarsigner for specifying
timestamp hash algorithm

- S8079410: Hotspot version to share the same update and
build version from JDK

- S8130735: javax.swing.TimerQueue: timer fires late when
another timer starts

- S8139436: might load
incomplete data

- S8144313: Test SessionTimeOutTests can be timeout

- S8146387: Test SSLSession/SessionCacheSizeTests socket
accept timed out

- S8146669: Test SessionTimeOutTests fails intermittently

- S8146993: Several javax/management/remote/mandatory
regression tests fail after JDK-8138811

- S8147857: [TEST] RMIConnector logs attribute names

- S8151841, PR3098: Build needs additional flags to
compile with GCC 6

- S8151876: (tz) Support tzdata2016d

- S8157077: 8u101 L10n resource file updates

- S8161262: Fix jdk build with gcc 4.1.2:
-fno-strict-overflow not known.

- Import of OpenJDK 7 u111 build 1

- S7081817:
test/sun/security/provider/certpath/X509CertPath/Illegal f ailing

- S8140344: add support for 3 digit update release numbers

- S8145017: Add support for 3 digit hotspot minor version

- S8162344: The API changes made by CR 7064075 need to be

- Backports

- S2178143, PR2958: JVM crashes if the number of bound
CPUs changed during runtime

- S4900206, PR3101: Include worst-case rounding tests for
Math library functions

- S6260348, PR3067: GTK+ L&F JTextComponent not respecting
desktop caret blink rate

- S6934604, PR3075: enable parts of EliminateAutoBox by

- S7043064, PR3020: sun/java2d/cmm/ tests failed against
RI b141 & b138-nightly

- S7051394, PR3020: NullPointerException when running
regression tests LoadProfileTest by using openjdk-7-b144

- S7086015, PR3013: fix

- S7119487, PR3013: test fails on
Windows platforms

- S7124245, PR3020: [lcms] ColorConvertOp to color space
CS_GRAY apparently converts orange to 244,244,0

- S7159445, PR3013: (javac) emits inaccurate diagnostics
for enhanced for-loops

- S7175845, PR1437, RH1207129: 'jar uf' changes file
permissions unexpectedly

- S8005402, PR3020: Need to provide benchmarks for color

- S8005530, PR3020: [lcms] Improve performance of
ColorConverOp for default destinations

- S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel
is not transferred from source to destination.

- S8013430, PR3020: REGRESSION:
closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr fail s with invalid type code: EE
since 8b87

- S8014286, PR3075: failed java/lang/Math/
after 6934604 changes

- S8014959, PR3075:
(uint)MaxNodeLimit) failed: Live Node limit exceeded

- S8019247, PR3075: SIGSEGV in compiled method

- S8024511, PR3020: Crash during color profile destruction

- S8025429, PR3020: [parfait] warnings from b107 for
sun.java2d.cmm: JNI exception pending

- S8026702, PR3020: Fix for 8025429 breaks jdk build on

- S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for
Java_awt test suit

- S8047066, PR3020: Test
test/sun/awt/image/ fails with

- S8069181, PR3012, RH1015612: java.lang.AssertionError
when compiling JDK 1.4 code in JDK 8

- S8158260, PR2992, RH1341258: PPC64: unaligned
Unsafe.getInt can lead to the generation of illegal
instructions (bsc#988651)

- S8159244, PR3075: Partially initialized string object
created by C2's string concat optimization may escape

- Bug fixes

- PR2799, RH1195203: Files are missing from resources.jar

- PR2900: Don't use WithSeed versions of NSS functions as
they don't fully process the seed

- PR3091: SystemTap is heavily confused by multiple JDKs

- PR3102: Extend 8022594 to AixPollPort

- PR3103: Handle case in clean-fonts where has not been

- PR3111: Provide option to disable SystemTap tests

- PR3114: Don't assume system mime.types supports

- PR3115: Add check for elliptic curve cryptography

- PR3116: Add tests for Java debug info and source files

- PR3118: Path to agpl-3.0.txt not updated

- PR3119: Makefile handles cacerts as a symlink, but the
configure check doesn't

- AArch64 port

- S8148328, PR3100: aarch64: redundant lsr instructions in
stub code.

- S8148783, PR3100: aarch64: SEGV running SpecJBB2013

- S8148948, PR3100: aarch64: generate_copy_longs calls
align() incorrectly

- S8150045, PR3100: arraycopy causes segfaults in SATB
during garbage collection

- S8154537, PR3100: AArch64: some integer rotate
instructions are never emitted

- S8154739, PR3100: AArch64: TemplateTable::fast_xaccess
loads in wrong mode

- S8157906, PR3100: aarch64: some more integer rotate
instructions are never emitted

- Enable SunEC for SLE12 and Leap (bsc#982366)

- Fix aarch64 running with 48 bits va space

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now