
Security vulnerabilities in the java-1_7_0-openjdk package

openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0042-1
Rating: important
References: #1049305 #1049306 #1049307 #1049309 #1049310
#1049311 #1049312 #1049313 #1049314 #1049315
#1049316 #1049317 #1049318 #1049319 #1049320
#1049321 #1049322 #1049323 #1049324 #1049325
#1049326 #1049327 #1049328 #1049329 #1049330
#1049331 #1049332 #1052318 #1064071 #1064072
#1064073 #1064075 #1064077 #1064078 #1064079
#1064080 #1064081 #1064082 #1064083 #1064084
#1064085 #1064086
Cross-References: CVE-2016-10165 CVE-2016-9840 CVE-2016-9841
CVE-2016-9842 CVE-2016-9843 CVE-2017-10053
CVE-2017-10067 CVE-2017-10074 CVE-2017-10081
CVE-2017-10086 CVE-2017-10087 CVE-2017-10089
CVE-2017-10090 CVE-2017-10096 CVE-2017-10101
CVE-2017-10102 CVE-2017-10105 CVE-2017-10107
CVE-2017-10108 CVE-2017-10109 CVE-2017-10110
CVE-2017-10111 CVE-2017-10114 CVE-2017-10115
CVE-2017-10116 CVE-2017-10118 CVE-2017-10125
CVE-2017-10135 CVE-2017-10176 CVE-2017-10193
CVE-2017-10198 CVE-2017-10243 CVE-2017-10274
CVE-2017-10281 CVE-2017-10285 CVE-2017-10295
CVE-2017-10345 CVE-2017-10346 CVE-2017-10347
CVE-2017-10348 CVE-2017-10349 CVE-2017-10350
CVE-2017-10355 CVE-2017-10356 CVE-2017-10357
CVE-2017-10388
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes 46 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk fixes the following issues:

Security issues fixed:

– CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
– CVE-2017-10274: Fix issue inside subcomponent Smart Card IO
(bsc#1064071).
– CVE-2017-10281: Fix issue inside subcomponent Serialization
(bsc#1064072).
– CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
– CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
– CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
– CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
– CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
– CVE-2017-10347: Fix issue inside subcomponent Serialization
(bsc#1064079).
– CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
– CVE-2017-10345: Fix issue inside subcomponent Serialization
(bsc#1064077).
– CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
– CVE-2017-10357: Fix issue inside subcomponent Serialization
(bsc#1064085).
– CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
– CVE-2017-10102: Fix incorrect handling of references in DGC
(bsc#1049316).
– CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader
(bsc#1049305).
– CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest
(bsc#1049306).
– CVE-2017-10081: Fix incorrect bracket processing in function signature
handling (bsc#1049309).
– CVE-2017-10087: Fix insufficient access control checks in
ThreadPoolExecutor (bsc#1049311).
– CVE-2017-10089: Fix insufficient access control checks in
ServiceRegistry (bsc#1049312).
– CVE-2017-10090: Fix insufficient access control checks in
AsynchronousChannelGroupImpl (bsc#1049313).
– CVE-2017-10096: Fix insufficient access control checks in XML
transformations (bsc#1049314).
– CVE-2017-10101: Fix unrestricted access to
com.sun.org.apache.xml.internal.resolver (bsc#1049315).
– CVE-2017-10107: Fix insufficient access control checks in ActivationID
(bsc#1049318).
– CVE-2017-10074: Fix integer overflows in range check loop predicates
(bsc#1049307).
– CVE-2017-10110: Fix insufficient access control checks in ImageWatched
(bsc#1049321).
– CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute
deserialization (bsc#1049319).
– CVE-2017-10109: Fix unbounded memory allocation in CodeSource
deserialization (bsc#1049320).
– CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE
(bsc#1049324).
– CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).
– CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL
(bsc#1049325).
– CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).
– CVE-2017-10176: Fix incorrect handling of certain EC points
(bsc#1049329).
– CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).
– CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS
(bsc#1049332).
– CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment
(bsc#1049327).
– CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX
(bsc#1049323).
– CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment
(bsc#1049317).
– CVE-2017-10086: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049310).
– CVE-2017-10198: Fix incorrect enforcement of certificate path
restrictions (bsc#1049331).
– CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).

Bug fixes:

– Drop Exec Shield workaround to fix crashes on recent kernels, where Exec
Shield is gone (bsc#1052318).

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-14=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2018-14=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.161-45.1
java-1_7_0-openjdk-accessibility-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-45.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-debugsource-1.7.0.161-45.1
java-1_7_0-openjdk-demo-1.7.0.161-45.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-devel-1.7.0.161-45.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-headless-1.7.0.161-45.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-45.1
java-1_7_0-openjdk-src-1.7.0.161-45.1

– openSUSE Leap 42.3 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.161-45.1

– openSUSE Leap 42.2 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.161-42.6.1
java-1_7_0-openjdk-accessibility-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.161-42.6.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-debugsource-1.7.0.161-42.6.1
java-1_7_0-openjdk-demo-1.7.0.161-42.6.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-devel-1.7.0.161-42.6.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-headless-1.7.0.161-42.6.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.161-42.6.1
java-1_7_0-openjdk-src-1.7.0.161-42.6.1

– openSUSE Leap 42.2 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.161-42.6.1
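
To confirm that a host carries the fixed builds after patching, the check below compares installed java-1_7_0-openjdk packages against the version-release strings in the package list above. It is an added example, not part of the openSUSE announcement; the function names, the `sort -V` comparison (an approximation of rpm's version ordering) and the sample input are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit java-1_7_0-openjdk packages against the fixed builds
# listed in openSUSE-SU-2018:0042-1. Function names are hypothetical.

# Fixed version-release per product, copied from the advisory's package list.
fixed_build() {
  case "$1" in
    42.3) echo "1.7.0.161-45.1" ;;
    42.2) echo "1.7.0.161-42.6.1" ;;
    *)    return 1 ;;
  esac
}

# ver_lt A B: true when A sorts strictly before B under `sort -V`.
# Assumption: sort -V matches rpm's ordering for these numeric dotted strings.
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# audit_openjdk LEAP_VERSION: reads "name version-release" lines on stdin and
# prints every java-1_7_0-openjdk package older than the fixed build.
# Returns 0 if all are patched, 1 if any is outdated, 2 for an unknown product.
audit_openjdk() {
  fixed=$(fixed_build "$1") || { echo "unknown product: $1" >&2; return 2; }
  rc=0
  while read -r name vr; do
    case "$name" in java-1_7_0-openjdk*) ;; *) continue ;; esac
    if ver_lt "$vr" "$fixed"; then
      echo "VULNERABLE $name $vr (fixed in $fixed)"
      rc=1
    fi
  done
  return "$rc"
}

# On a live host the input would come from rpm:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'java-1_7_0-openjdk*' \
#     | audit_openjdk 42.3
# Constructed sample input (not from a real host):
printf '%s\n' \
  'java-1_7_0-openjdk 1.7.0.151-42.3.1' \
  'java-1_7_0-openjdk-headless 1.7.0.161-45.1' | audit_openjdk 42.3 || true
```

A non-zero exit status makes the function usable as a gate in configuration-management or compliance jobs.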

References:

https://www.suse.com/security/cve/CVE-2016-10165.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10086.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10114.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10118.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10135.html
https://www.suse.com/security/cve/CVE-2017-10176.html
https://www.suse.com/security/cve/CVE-2017-10193.html
https://www.suse.com/security/cve/CVE-2017-10198.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://www.suse.com/security/cve/CVE-2017-10274.html
https://www.suse.com/security/cve/CVE-2017-10281.html
https://www.suse.com/security/cve/CVE-2017-10285.html
https://www.suse.com/security/cve/CVE-2017-10295.html
https://www.suse.com/security/cve/CVE-2017-10345.html
https://www.suse.com/security/cve/CVE-2017-10346.html
https://www.suse.com/security/cve/CVE-2017-10347.html
https://www.suse.com/security/cve/CVE-2017-10348.html
https://www.suse.com/security/cve/CVE-2017-10349.html
https://www.suse.com/security/cve/CVE-2017-10350.html
https://www.suse.com/security/cve/CVE-2017-10355.html
https://www.suse.com/security/cve/CVE-2017-10356.html
https://www.suse.com/security/cve/CVE-2017-10357.html
https://www.suse.com/security/cve/CVE-2017-10388.html
https://bugzilla.suse.com/1049305
https://bugzilla.suse.com/1049306
https://bugzilla.suse.com/1049307
https://bugzilla.suse.com/1049309
https://bugzilla.suse.com/1049310
https://bugzilla.suse.com/1049311
https://bugzilla.suse.com/1049312
https://bugzilla.suse.com/1049313
https://bugzilla.suse.com/1049314
https://bugzilla.suse.com/1049315
https://bugzilla.suse.com/1049316
https://bugzilla.suse.com/1049317
https://bugzilla.suse.com/1049318
https://bugzilla.suse.com/1049319
https://bugzilla.suse.com/1049320
https://bugzilla.suse.com/1049321
https://bugzilla.suse.com/1049322
https://bugzilla.suse.com/1049323
https://bugzilla.suse.com/1049324
https://bugzilla.suse.com/1049325
https://bugzilla.suse.com/1049326
https://bugzilla.suse.com/1049327
https://bugzilla.suse.com/1049328
https://bugzilla.suse.com/1049329
https://bugzilla.suse.com/1049330
https://bugzilla.suse.com/1049331
https://bugzilla.suse.com/1049332
https://bugzilla.suse.com/1052318
https://bugzilla.suse.com/1064071
https://bugzilla.suse.com/1064072
https://bugzilla.suse.com/1064073
https://bugzilla.suse.com/1064075
https://bugzilla.suse.com/1064077
https://bugzilla.suse.com/1064078
https://bugzilla.suse.com/1064079
https://bugzilla.suse.com/1064080
https://bugzilla.suse.com/1064081
https://bugzilla.suse.com/1064082
https://bugzilla.suse.com/1064083
https://bugzilla.suse.com/1064084
https://bugzilla.suse.com/1064085
https://bugzilla.suse.com/1064086

