drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenJDK
Name: |
Mehrere Probleme in OpenJDK |
|
ID: |
SUSE-SU-2017:2175-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Server for SAP 12-SP1, SUSE OpenStack Cloud 6, SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2, SUSE Linux Enterprise Server 12-SP1-LTSS, SUSE Linux Enterprise Desktop 12-SP3, SUSE Linux Enterprise Server 12-SP3 |
|
Datum: |
Mi, 16. August 2017, 16:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10108 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2175-1 Rating: important References: #1049302 #1049305 #1049306 #1049307 #1049308 #1049309 #1049310 #1049311 #1049312 #1049313 #1049314 #1049315 #1049316 #1049317 #1049318 #1049319 #1049320 #1049321 #1049322 #1049323 #1049324 #1049325 #1049326 #1049327 #1049328 #1049329 #1049330 #1049331 #1049332 Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________
An update that solves 28 vulnerabilities and has one errata is now available.
Description:
This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues:
Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)
Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302)
New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider
Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3
References:
https://www.suse.com/security/cve/CVE-2017-10053.html https://www.suse.com/security/cve/CVE-2017-10067.html https://www.suse.com/security/cve/CVE-2017-10074.html https://www.suse.com/security/cve/CVE-2017-10078.html https://www.suse.com/security/cve/CVE-2017-10081.html https://www.suse.com/security/cve/CVE-2017-10086.html https://www.suse.com/security/cve/CVE-2017-10087.html https://www.suse.com/security/cve/CVE-2017-10089.html https://www.suse.com/security/cve/CVE-2017-10090.html https://www.suse.com/security/cve/CVE-2017-10096.html https://www.suse.com/security/cve/CVE-2017-10101.html https://www.suse.com/security/cve/CVE-2017-10102.html https://www.suse.com/security/cve/CVE-2017-10105.html https://www.suse.com/security/cve/CVE-2017-10107.html https://www.suse.com/security/cve/CVE-2017-10108.html https://www.suse.com/security/cve/CVE-2017-10109.html https://www.suse.com/security/cve/CVE-2017-10110.html https://www.suse.com/security/cve/CVE-2017-10111.html https://www.suse.com/security/cve/CVE-2017-10114.html https://www.suse.com/security/cve/CVE-2017-10115.html https://www.suse.com/security/cve/CVE-2017-10116.html https://www.suse.com/security/cve/CVE-2017-10118.html https://www.suse.com/security/cve/CVE-2017-10125.html https://www.suse.com/security/cve/CVE-2017-10135.html https://www.suse.com/security/cve/CVE-2017-10176.html https://www.suse.com/security/cve/CVE-2017-10193.html https://www.suse.com/security/cve/CVE-2017-10198.html https://www.suse.com/security/cve/CVE-2017-10243.html https://bugzilla.suse.com/1049302 https://bugzilla.suse.com/1049305 https://bugzilla.suse.com/1049306 https://bugzilla.suse.com/1049307 https://bugzilla.suse.com/1049308 https://bugzilla.suse.com/1049309 https://bugzilla.suse.com/1049310 https://bugzilla.suse.com/1049311 https://bugzilla.suse.com/1049312 https://bugzilla.suse.com/1049313 https://bugzilla.suse.com/1049314 https://bugzilla.suse.com/1049315 https://bugzilla.suse.com/1049316 https://bugzilla.suse.com/1049317 https://bugzilla.suse.com/1049318 https://bugzilla.suse.com/1049319 https://bugzilla.suse.com/1049320 https://bugzilla.suse.com/1049321 https://bugzilla.suse.com/1049322 https://bugzilla.suse.com/1049323 https://bugzilla.suse.com/1049324 https://bugzilla.suse.com/1049325 https://bugzilla.suse.com/1049326 https://bugzilla.suse.com/1049327 https://bugzilla.suse.com/1049328 https://bugzilla.suse.com/1049329 https://bugzilla.suse.com/1049330 https://bugzilla.suse.com/1049331 https://bugzilla.suse.com/1049332
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
|
|
|