openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1444)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for java-1_7_0-openjdk fixes the following issues :

- Update to 2.6.8 - OpenJDK 7u121

- Security fixes

+ S8151921: Improved page resolution

+ S8155968: Update command line options

+ S8155973, CVE-2016-5542: Tighten jar checks
(bsc#1005522)

+ S8157176: Improved classfile parsing

+ S8157739, CVE-2016-5554: Classloader Consistency
Checking (bsc#1005523)

+ S8157749: Improve handling of DNS error replies

+ S8157753: Audio replay enhancement

+ S8157759: LCMS Transform Sampling Enhancement

+ S8157764: Better handling of interpolation plugins

+ S8158302: Handle contextual glyph substitutions

+ S8158993, CVE-2016-5568: Service Menu services
(bsc#1005525)

+ S8159495: Fix index offsets

+ S8159503: Amend Annotation Actions

+ S8159511: Stack map validation

+ S8159515: Improve indy validation

+ S8159519, CVE-2016-5573: Reformat JDWP messages
(bsc#1005526)

+ S8160090: Better signature handling in pack200

+ S8160094: Improve pack200 layout

+ S8160098: Clean up color profiles

+ S8160591, CVE-2016-5582: Improve internal array handling
(bsc#1005527)

+ S8160838, CVE-2016-5597: Better HTTP service
(bsc#1005528)

+ PR3207, RH1367357: lcms2: Out-of-bounds read in
Type_MLU_Read()

+ CVE-2016-5556 (bsc#1005524)

- Import of OpenJDK 7 u121 build 0

+ S6624200: Regression test fails:
test/closed/javax/swing/JMenuItem/4654927/bug4654927.jav
a

+ S6882559: new JEditorPane('text/plain','') fails for
null context class loader

+ S7090158: Networking Libraries don't build with javac
-Werror

+ S7125055: ContentHandler.getContent API changed in error

+ S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing
on windows

+ S7187051: ShortRSAKeynnn.sh tests should do cleanup
before start test

+ S8000626: Implement dead key detection for KeyEvent on
Linux

+ S8003890: corelibs test scripts should pass TESTVMOPTS

+ S8005629: javac warnings compiling
java.awt.EventDispatchThread and sun.awt.X11.XIconWindow

+ S8010297: Missing isLoggable() checks in logging code

+ S8010782: clean up source files containing carriage
return characters

+ S8014431: cleanup warnings indicated by the
-Wunused-value compiler option on linux

+ S8015265: revise the fix for 8007037

+ S8016747: Replace deprecated PlatformLogger
isLoggable(int) with isLoggable(Level)

+ S8020708: NLS mnemonics missing in
SwingSet2/JInternalFrame demo

+ S8024756: method grouping tabs are not selectable

+ S8026741: jdk8 l10n resource file translation update 5

+ S8048147: Privilege tests with JAAS Subject.doAs

+ S8048357: PKCS basic tests

+ S8049171: Additional tests for jarsigner's warnings

+ S8059177: jdk8u40 l10n resource file translation update
1

+ S8075584: test for 8067364 depends on hardwired text
advance

+ S8076486: [TESTBUG]
javax/security/auth/Subject/doAs/NestedActions.java
fails if extra VM options are given

+ S8077953: [TEST_BUG]
com/sun/management/OperatingSystemMXBean/TestTotalSwap.j
ava Compilation failed after JDK-8077387

+ S8080628: No mnemonics on Open and Save buttons in
JFileChooser

+ S8083601: jdk8u60 l10n resource file translation update
2

+ S8140530: Creating a VolatileImage with size 0,0 results
in no longer working g2d.drawString

+ S8142926: OutputAnalyzer's shouldXXX() calls return this

+ S8143134: L10n resource file translation update

+ S8147077: IllegalArgumentException thrown by
api/java_awt/Component/FlipBufferStrategy/indexTGF_Gener
al

+ S8148127: IllegalArgumentException thrown by JCK test
api/java_awt/Component/FlipBufferStrategy/indexTGF_Gener
al in opengl pipeline

+ S8150611: Security problem on
sun.misc.resources.Messages*

+ S8157653: [Parfait] Uninitialised variable in
awt_Font.cpp

+ S8158734: JEditorPane.createEditorKitForContentType
throws NPE after 6882559

+ S8159684: (tz) Support tzdata2016f

+ S8160934: isnan() is not available on older MSVC
compilers

+ S8162411: Service Menu services 2

+ S8162419:
closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing
after JDK-8155968

+ S8162511: 8u111 L10n resource file updates

+ S8162792: Remove constraint DSA keySize < 1024 from
jdk.jar.disabledAlgorithms in jdk8

+ S8164452: 8u111 L10n resource file update - msgdrop 20

+ S8165816: jarsigner -verify shows jar unsigned if it was
signed with a weak algorithm

+ S8166381: Back out changes to the java.security file to
not disable MD5

- Backports

+ S6604109, PR3162:
javax.print.PrintServiceLookup.lookupPrintServices fails
SOMETIMES for Cups

+ S6907252, PR3162: ZipFileInputStream Not Thread-Safe

+ S8024046, PR3162: Test
sun/security/krb5/runNameEquals.sh failed on 7u45
Embedded linux-ppc*

+ S8028479, PR3162: runNameEquals still cannot precisely
detect if a usable native krb5 is available

+ S8034057, PR3162: Files.getFileStore and
Files.isWritable do not work with SUBST'ed drives (win)

+ S8038491, PR3162: Improve synchronization in
ZipFile.read()

+ S8038502, PR3162: Deflater.needsInput() should use
synchronization

+ S8059411, PR3162: RowSetWarning does not correctly chain
warnings

+ S8062198, PR3162: Add RowSetMetaDataImpl Tests and add
column range validation to isdefinitlyWritable

+ S8066188, PR3162: BaseRowSet returns the wrong default
value for escape processing

+ S8072466, PR3162: Deadlock when initializing
MulticastSocket and DatagramSocket

+ S8075118, PR3162: JVM stuck in infinite loop during
verification

+ S8076579, PR3162: Popping a stack frame after exception
breakpoint sets last method param to exception

+ S8078495, PR3162: End time checking for native TGT is
wrong

+ S8078668, PR3162: jar usage string mentions unsupported
option '-n'

+ S8080115, PR3162: (fs) Crash in libgio when calling
Files.probeContentType(path) from parallel threads

+ S8081794, PR3162: ParsePosition getErrorIndex returns 0
for TimeZone parsing problem

+ S8129957, PR3162: Deadlock in JNDI LDAP implementation
when closing the LDAP context

+ S8130136, PR3162: Swing window sometimes fails to
repaint partially when it becomes exposed

+ S8130274, PR3162: java/nio/file/FileStore/Basic.java
fails when two successive stores in an iteration are
determined to be equal

+ S8132551, PR3162: Initialize local variables before
returning them in p11_convert.c

+ S8133207, PR3162: [TEST_BUG] ParallelProbes.java test
fails after changes for JDK-8080115

+ S8133666, PR3162: OperatingSystemMXBean reports
abnormally high machine CPU consumption on Linux

+ S8135002, PR3162: Fix or remove broken links in
objectMonitor.cpp comments

+ S8137121, PR3162: (fc) Infinite loop
FileChannel.truncate

+ S8137230, PR3162: TEST_BUG:
java/nio/channels/FileChannel/LoopingTruncate.java timed
out

+ S8139373, PR3162: [TEST_BUG]
java/net/MulticastSocket/MultiDead.java failed with
timeout

+ S8140249, PR3162: JVM Crashing During startUp If Flight
Recording is enabled

+ S8141491, PR3160, G592292: Unaligned memory access in
Bits.c

+ S8144483, PR3162: One long Safepoint pause directly
after each GC log rotation

+ S8149611, PR3160, G592292: Add tests for
Unsafe.copySwapMemory

- Bug fixes

+ S8078628, PR3151: Zero build fails with pre-compiled
headers disabled

+ PR3128: pax-mark-vm script calls 'exit -1' which is
invalid in dash

+ PR3131: PaX marking fails on filesystems which don't
support extended attributes

+ PR3135: Makefile.am rule
stamps/add/tzdata-support-debug.stamp has a typo in
add-tzdata dependency

+ PR3141: Pass $(CC) and $(CXX) to OpenJDK build

+ PR3166: invalid zip timestamp handling leads to error
building bootstrap-javac

+ PR3202: Update infinality configure test

+ PR3212: Disable ARM32 JIT by default

- CACAO

+ PR3136: CACAO is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)

- JamVM

+ PR3134: JamVM is broken due to 2 new native methods in
sun.misc.Unsafe (from S8158260)

- AArch64 port

+ S8167200, PR3204: AArch64: Broken stack pointer
adjustment in interpreter

+ S8168888: Port 8160591: Improve internal array handling
to AArch64.

+ PR3211: AArch64 build fails with pre-compiled headers
disabled

- Changed patch :

- java-1_7_0-openjdk-gcc6.patch

+ Rediff to changed context

- Disable arm32 JIT, since its build broken
(http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2
942)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942
https://bugzilla.opensuse.org/show_bug.cgi?id=1005522
https://bugzilla.opensuse.org/show_bug.cgi?id=1005523
https://bugzilla.opensuse.org/show_bug.cgi?id=1005524
https://bugzilla.opensuse.org/show_bug.cgi?id=1005525
https://bugzilla.opensuse.org/show_bug.cgi?id=1005526
https://bugzilla.opensuse.org/show_bug.cgi?id=1005527
https://bugzilla.opensuse.org/show_bug.cgi?id=1005528

Solution :

Update the affected java-1_7_0-openjdk packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95750 ()

Bugtraq ID:

CVE ID: CVE-2016-5542
CVE-2016-5554
CVE-2016-5556
CVE-2016-5568
CVE-2016-5573
CVE-2016-5582
CVE-2016-5597

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now