Detections
Analytics

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)

critical Nessus Plugin ID 100503

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-1_7_0-openjdk fixes the following issues :

 - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)

 - Security fixes

 - S8163520, CVE-2017-3509: Reuse cache entries

 - S8163528, CVE-2017-3511: Better library loading

 - S8165626, CVE-2017-3512: Improved window framing

 - S8167110, CVE-2017-3514: Windows peering issue

 - S8169011, CVE-2017-3526: Resizing XML parse trees

 - S8170222, CVE-2017-3533: Better transfers of files

 - S8171121, CVE-2017-3539: Enhancing jar checking

 - S8171533, CVE-2017-3544: Better email transfer

 - S8172299: Improve class processing

 - New features

 - PR3347: jstack.stp should support AArch64

 - Import of OpenJDK 7 u141 build 0

 - S4717864: setFont() does not update Fonts of Menus already on screen

 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException

 - S6518907: cleanup IA64 specific code in Hotspot

 - S6869327: Add new C2 flag to keep safepoints in counted loops.

 - S7112912: Message 'Error occurred during initialization of VM' on boxes with lots of RAM

 - S7124213: [macosx] pack() does ignore size of a component; doesn't on the other platforms

 - S7124219: [macosx] Unable to draw images to fullscreen

 - S7124552: [macosx] NullPointerException in getBufferStrategy()

 - S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized)

 - S7154841: [macosx] Popups appear behind taskbar

 - S7155957:
 closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja va hangs on win 64 bit with jdk8

 - S7160627: [macosx] TextArea has wrong initial size

 - S7167293: FtpURLConnection connection leak on FileNotFoundException

 - S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray

 - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error

 - S8005255: [macosx] Cleanup warnings in sun.lwawt

 - S8006088: Incompatible heap size flags accepted by VM

 - S8007295: Reduce number of warnings in awt classes

 - S8010722: assert: failed: heap size is too big for compressed oops

 - S8011059: [macosx] Support automatic @2x images loading on Mac OS X

 - S8014058: Regression tests for 8006088

 - S8014489:
 tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeF lags jtreg tests invoke wrong class

 - S8016302: Change type of the number of GC workers to unsigned int (2)

 - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile.

 - S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9

 - S8024926: [macosx] AquaIcon HiDPI support

 - S8025974: l10n for policytool

 - S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible

 - S8028212: Custom cursor HiDPI support

 - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization.

 - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered in high resolution on Retina

 - S8033534: [macosx] Get MultiResolution image from native system

 - S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background

 - S8035568: [macosx] Cursor management unification

 - S8041734: JFrame in full screen mode leaves empty workspace after close

 - S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files

 - S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0

 - S8079595: Resizing dialog which is JWindow parent makes JVM crash

 - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus

 - S8130769: The new menu can't be shown on the menubar after clicking the 'Add' button.

 - S8133357: 8u65 l10n resource file translation update

 - S8146602:
 jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException

 - S8147842: IME Composition Window is displayed at incorrect location

 - S8147910: Cache initial active_processor_count

 - S8150490: Update OS detection code to recognize Windows Server 2016

 - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled

 - S8161195: Regression:
 closed/javax/swing/text/FlowView/LayoutTest.java

 - S8161993: G1 crashes if active_processor_count changes during startup

 - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'

 - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently

 - S8164533:
 sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with 'Error while cleaning up threads after test'

 - S8167179: Make XSL generated namespace prefixes local to transformation process

 - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections

 - S8169589: [macosx] Activating a JDialog puts to back another dialog

 - S8170307: Stack size option -Xss is ignored

 - S8170316: (tz) Support tzdata2016j

 - S8170814: Reuse cache entries (part II)

 - S8171388: Update JNDI Thread contexts

 - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state

 - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele ssDialog test fails as DummyButton on Dialog did not gain focus when clicked.

 - S8173931: 8u131 L10n resource file update

 - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle

 - S8175087: [bsd] Fix build after '8024900: PPC64: Enable new build on AIX (jdk part)'

 - S8175163: [bsd] Fix build after '8005629: javac warnings compiling java.awt.EventDispatchThread...'

 - S8176044: (tz) Support tzdata2017a

 - Import of OpenJDK 7 u141 build 1

 - S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx

 - Import of OpenJDK 7 u141 build 2

 - S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82

 - Backports

 - S6515172, PR3362: Runtime.availableProcessors() ignores Linux taskset command

 - S8022284, PR3209: Hide internal data structure in PhaseCFG

 - S8023003, PR3209: Cleanup the public interface to PhaseCFG

 - S8023691, PR3209: Create interface for nodes in class Block

 - S8023988, PR3209: Move local scheduling of nodes to the CFG creation and code motion phase (PhaseCFG)

 - S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)

 - S8157306, PR3209: Random infrequent NULL pointer exceptions in javac

 - S8173783, PR3329: IllegalArgumentException:
 jdk.tls.namedGroups

 - S8173941, PR3330: SA does not work if executable is DSO

 - S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache

 - Bug fixes

 - PR3349: Architectures unsupported by SystemTap tapsets throw a parse error

 - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh

 - PR3379: Perl should be mandatory

 - PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path

 - CACAO

 - PR2732: Raise javadoc memory limits for CACAO again!

 - AArch64 port

 - S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp

 - Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available.

 - S8167104, CVE-2017-3289: Additional class construction

 - S6253144: Long narrowing conversion should describe the

 - S6328537: Improve javadocs for Socket class by adding

 - S6978886: javadoc shows stacktrace after print error

 - S6995421: Eliminate the static dependency to

 - S7027045: (doc) java/awt/Window.java has several typos in

 - S7054969: Null-check-in-finally pattern in java/security

 - S7072353: JNDI libraries do not build with javac
 -Xlint:all

 - S7092447: Clarify the default locale used in each locale

 - S7103570: AtomicIntegerFieldUpdater does not work when

 - S7187144: JavaDoc for ScriptEngineFactory.getProgram()

 - S8000418: javadoc should used a standard 'generated by

 - S8000666: javadoc should write directly to Writer instead of

 - S8000970: break out auxiliary classes that will prevent

 - S8001669: javadoc internal DocletAbortException should set

 - S8011402: Move blacklisting certificate logic from hard code

 - S8011547: Update XML Signature implementation to Apache

 - S8012288: XML DSig API allows wrong tag names and extra

 - S8017325: Cleanup of the javadoc <code> tag in

 - S8017326: Cleanup of the javadoc <code> tag in

 - S8019772: Fix doclint issues in javax.crypto and

 - S8020688: Broken links in documentation at

 - S8021108: Clean up doclint warnings and errors in java.text

 - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMe thods

 - S8025409: Fix javadoc comments errors and warning reported by

 - S8026021: more fix of javadoc errors and warnings reported by

 - S8037099: [macosx] Remove all references to GC from native

 - S8038184: XMLSignature throws StringIndexOutOfBoundsException

 - S8038349: Signing XML with DSA throws Exception when key is

 - S8049244: XML Signature performance issue caused by

 - S8050893: (smartcardio) Invert reset argument in tests in

 - S8059212: Modify sun/security/smartcardio manual regression

 - S8068279: (typo in the spec)

 - S8068491: Update the protocol for references of

 - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs

 - S8076369: Introduce the jdk.tls.client.protocols system

 - S8139565: Restrict certificates with DSA keys less than 1024

 - S8140422: Add mechanism to allow non default root CAs to be

 - S8140587: Atomic*FieldUpdaters should use Class.isInstance

 - S8149029: Secure validation of XML based digital signature

 - S8151893: Add security property to configure XML Signature

 - S8161228: URL objects with custom protocol handlers have port

 - S8163304: jarsigner -verbose -verify should print the

 - S8164908: ReflectionFactory support for IIOP and custom

 - S8165230: RMIConnection addNotificationListeners failing with

 - S8166393: disabledAlgorithms property should not be strictly

 - S8166591: [macos 10.12] Trackpad scrolling of text on OS X

 - S8166739: Improve extensibility of ObjectInputFilter

 - S8167356: Follow up fix for jdk8 backport of 8164143.
 Changes

 - S8167459: Add debug output for indicating if a chosen

 - S8168861: AnchorCertificates uses hardcoded password for

 - S8169688: Backout (remove) MD5 from

 - S8169911: Enhanced tests for jarsigner -verbose -verify after

 - S8170131: Certificates not being blocked by

 - S8173854: [TEST] Update DHEKeySizing test case following

 - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on

 - S8000351, PR3316, RH1390708: Tenuring threshold should be

 - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak :

 - S8170888, PR3316, RH1390708: [linux] Experimental support for

 - PR3318: Replace 'infinality' with 'improved font rendering'

 - PR3324: Fix NSS_LIBDIR substitution in

 - S8165673, PR3320: AArch64: Fix JNI floating point argument

 + S6604109, PR3162 :

 - Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to directory to be specified versions of IcedTea

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected java-1_7_0-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1034849

Plugin Details

Severity: Critical

ID: 100503

File Name: openSUSE-2017-629.nasl

Version: 3.4

Type: local

Agent: unix

Published: 5/30/2017

Updated: 12/17/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-3289

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless, p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/27/2017

Reference Information

CVE: CVE-2017-3289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544