SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for java-1_7_0-openjdk fixes the following issues :

- Update to 2.6.8 - OpenJDK 7u121

- Security fixes

+ S8151921: Improved page resolution

+ S8155968: Update command line options

+ S8155973, CVE-2016-5542: Tighten jar checks

+ S8157176: Improved classfile parsing

+ S8157739, CVE-2016-5554: Classloader Consistency
Checking (bsc#1005523)

+ S8157749: Improve handling of DNS error replies

+ S8157753: Audio replay enhancement

+ S8157759: LCMS Transform Sampling Enhancement

+ S8157764: Better handling of interpolation plugins

+ S8158302: Handle contextual glyph substitutions

+ S8158993, CVE-2016-5568: Service Menu services

+ S8159495: Fix index offsets

+ S8159503: Amend Annotation Actions

+ S8159511: Stack map validation

+ S8159515: Improve indy validation

+ S8159519, CVE-2016-5573: Reformat JDWP messages

+ S8160090: Better signature handling in pack200

+ S8160094: Improve pack200 layout

+ S8160098: Clean up color profiles

+ S8160591, CVE-2016-5582: Improve internal array handling

+ S8160838, CVE-2016-5597: Better HTTP service

+ PR3207, RH1367357: lcms2: Out-of-bounds read in

+ CVE-2016-5556 (bsc#1005524)

- Import of OpenJDK 7 u121 build 0

+ S6624200: Regression test fails:

+ S6882559: new JEditorPane('text/plain','') fails for
null context class loader

+ S7090158: Networking Libraries don't build with javac

+ S7125055: ContentHandler.getContent API changed in error

+ S7145960: sun/security/mscapi/ failing
on windows

+ S7187051: tests should do cleanup
before start test

+ S8000626: Implement dead key detection for KeyEvent on

+ S8003890: corelibs test scripts should pass TESTVMOPTS

+ S8005629: javac warnings compiling
java.awt.EventDispatchThread and sun.awt.X11.XIconWindow

+ S8010297: Missing isLoggable() checks in logging code

+ S8010782: clean up source files containing carriage
return characters

+ S8014431: cleanup warnings indicated by the
-Wunused-value compiler option on linux

+ S8015265: revise the fix for 8007037

+ S8016747: Replace deprecated PlatformLogger
isLoggable(int) with isLoggable(Level)

+ S8020708: NLS mnemonics missing in
SwingSet2/JInternalFrame demo

+ S8024756: method grouping tabs are not selectable

+ S8026741: jdk8 l10n resource file translation update 5

+ S8048147: Privilege tests with JAAS Subject.doAs

+ S8048357: PKCS basic tests

+ S8049171: Additional tests for jarsigner's warnings

+ S8059177: jdk8u40 l10n resource file translation update

+ S8075584: test for 8067364 depends on hardwired text

+ S8076486: [TESTBUG]
fails if extra VM options are given

+ S8077953: [TEST_BUG]
ava Compilation failed after JDK-8077387

+ S8080628: No mnemonics on Open and Save buttons in

+ S8083601: jdk8u60 l10n resource file translation update

+ S8140530: Creating a VolatileImage with size 0,0 results
in no longer working g2d.drawString

+ S8142926: OutputAnalyzer's shouldXXX() calls return this

+ S8143134: L10n resource file translation update

+ S8147077: IllegalArgumentException thrown by

+ S8148127: IllegalArgumentException thrown by JCK test
al in opengl pipeline

+ S8150611: Security problem on

+ S8157653: [Parfait] Uninitialised variable in

+ S8158734: JEditorPane.createEditorKitForContentType
throws NPE after 6882559

+ S8159684: (tz) Support tzdata2016f

+ S8160934: isnan() is not available on older MSVC

+ S8162411: Service Menu services 2

+ S8162419:
closed/com/oracle/jfr/runtime/ failing
after JDK-8155968

+ S8162511: 8u111 L10n resource file updates

+ S8162792: Remove constraint DSA keySize
jdk.jar.disabledAlgorithms in jdk8

+ S8164452: 8u111 L10n resource file update - msgdrop 20

+ S8165816: jarsigner -verify shows jar unsigned if it was
signed with a weak algorithm

+ S8166381: Back out changes to the file to
not disable MD5

- Backports

+ S6604109, PR3162:
javax.print.PrintServiceLookup.lookupPrintServices fails

+ S6907252, PR3162: ZipFileInputStream Not Thread-Safe

+ S8024046, PR3162: Test
sun/security/krb5/ failed on 7u45
Embedded linux-ppc*

+ S8028479, PR3162: runNameEquals still cannot precisely
detect if a usable native krb5 is available

+ S8034057, PR3162: Files.getFileStore and
Files.isWritable do not work with SUBST'ed drives (win)

+ S8038491, PR3162: Improve synchronization in

+ S8038502, PR3162: Deflater.needsInput() should use

+ S8059411, PR3162: RowSetWarning does not correctly chain

+ S8062198, PR3162: Add RowSetMetaDataImpl Tests and add
column range validation to isdefinitlyWritable

+ S8066188, PR3162: BaseRowSet returns the wrong default
value for escape processing

+ S8072466, PR3162: Deadlock when initializing
MulticastSocket and DatagramSocket

+ S8075118, PR3162: JVM stuck in infinite loop during

+ S8076579, PR3162: Popping a stack frame after exception
breakpoint sets last method param to exception

+ S8078495, PR3162: End time checking for native TGT is

+ S8078668, PR3162: jar usage string mentions unsupported
option '-n'

+ S8080115, PR3162: (fs) Crash in libgio when calling
Files.probeContentType(path) from parallel threads

+ S8081794, PR3162: ParsePosition getErrorIndex returns 0
for TimeZone parsing problem

+ S8129957, PR3162: Deadlock in JNDI LDAP implementation
when closing the LDAP context

+ S8130136, PR3162: Swing window sometimes fails to
repaint partially when it becomes exposed

+ S8130274, PR3162: java/nio/file/FileStore/
fails when two successive stores in an iteration are
determined to be equal

+ S8132551, PR3162: Initialize local variables before
returning them in p11_convert.c

+ S8133207, PR3162: [TEST_BUG] test
fails after changes for JDK-8080115

+ S8133666, PR3162: OperatingSystemMXBean reports
abnormally high machine CPU consumption on Linux

+ S8135002, PR3162: Fix or remove broken links in
objectMonitor.cpp comments

+ S8137121, PR3162: (fc) Infinite loop

+ S8137230, PR3162: TEST_BUG:
java/nio/channels/FileChannel/ timed

+ S8139373, PR3162: [TEST_BUG]
java/net/MulticastSocket/ failed with

+ S8140249, PR3162: JVM Crashing During startUp If Flight
Recording is enabled

+ S8141491, PR3160, G592292: Unaligned memory access in

+ S8144483, PR3162: One long Safepoint pause directly
after each GC log rotation

+ S8149611, PR3160, G592292: Add tests for

- Bug fixes

+ S8078628, PR3151: Zero build fails with pre-compiled
headers disabled

+ PR3128: pax-mark-vm script calls 'exit -1' which is
invalid in dash

+ PR3131: PaX marking fails on filesystems which don't
support extended attributes

+ PR3135: rule
stamps/add/tzdata-support-debug.stamp has a typo in
add-tzdata dependency

+ PR3141: Pass $(CC) and $(CXX) to OpenJDK build

+ PR3166: invalid zip timestamp handling leads to error
building bootstrap-javac

+ PR3202: Update infinality configure test

+ PR3212: Disable ARM32 JIT by default


+ PR3136: CACAO is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)

- JamVM

+ PR3134: JamVM is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)

- AArch64 port

+ S8167200, PR3204: AArch64: Broken stack pointer
adjustment in interpreter

+ S8168888: Port 8160591: Improve internal array handling
to AArch64.

+ PR3211: AArch64 build fails with pre-compiled headers

- Changed patch :

- java-1_7_0-openjdk-gcc6.patch

+ Rediff to changed context

- Disable arm32 JIT, since its build is broken

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1727=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 95423

CVE ID: CVE-2016-5542