SUSE-SU-2017:2175-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20172175-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2175-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:2175-1
Related
  • CVE-2017-10053
  • CVE-2017-10067
  • CVE-2017-10074
  • CVE-2017-10078
  • CVE-2017-10081
  • CVE-2017-10086
  • CVE-2017-10087
  • CVE-2017-10089
  • CVE-2017-10090
  • CVE-2017-10096
  • CVE-2017-10101
  • CVE-2017-10102
  • CVE-2017-10105
  • CVE-2017-10107
  • CVE-2017-10108
  • CVE-2017-10109
  • CVE-2017-10110
  • CVE-2017-10111
  • CVE-2017-10114
  • CVE-2017-10115
  • CVE-2017-10116
  • CVE-2017-10118
  • CVE-2017-10125
  • CVE-2017-10135
  • CVE-2017-10176
  • CVE-2017-10193
  • CVE-2017-10198
  • CVE-2017-10243
Published
2017-08-16T09:33:22Z
Modified
2017-08-16T09:33:22Z
Summary
Security update for java-1_8_0-openjdk
Details

This java-180-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues:

Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)

Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider

References

Affected packages

SUSE:OpenStack Cloud 6 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP2 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP3 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1-LTSS / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / java-1_8_0-openjdk

Package

Name
java-1_8_0-openjdk
Purl
purl:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0.144-27.5.3

Ecosystem specific

{
    "binaries": [
        {
            "java-1_8_0-openjdk-demo": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-devel": "1.8.0.144-27.5.3",
            "java-1_8_0-openjdk-headless": "1.8.0.144-27.5.3"
        }
    ]
}