This update for java-1_8_0-openjdk fixes the following issues :
Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849
Security fixes
S8163520, CVE-2017-3509: Reuse cache entries
S8163528, CVE-2017-3511: Better library loading
S8165626, CVE-2017-3512: Improved window framing
S8167110, CVE-2017-3514: Windows peering issue
S8168699: Validate special case invocations
S8169011, CVE-2017-3526: Resizing XML parse trees
S8170222, CVE-2017-3533: Better transfers of files
S8171121, CVE-2017-3539: Enhancing jar checking
S8171533, CVE-2017-3544: Better email transfer
S8172299: Improve class processing
New features
PR1969: Add AArch32 JIT port
PR3297: Allow Shenandoah to be used on AArch64
PR3340: jstack.stp should support AArch64
Import of OpenJDK 8 u131 build 11
S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException
S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command
S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja va hangs on win 64 bit with jdk8
S7167293: FtpURLConnection connection leak on FileNotFoundException
S8035568: [macosx] Cursor management unification
S8079595: Resizing dialog which is JWindow parent makes JVM crash
S8130769: The new menu can’t be shown on the menubar after clicking the ‘Add’ button.
S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException
S8147842: IME Composition Window is displayed at incorrect location
S8147910, PR3346: Cache initial active_processor_count
S8150490: Update OS detection code to recognize Windows Server 2016
S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group
S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group
S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
S8161993, PR3346: G1 crashes if active_processor_count changes during startup
S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently
S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails
S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with ‘Error while cleaning up threads after test’
S8167179: Make XSL generated namespace prefixes local to transformation process
S8168774: Polymorhic signature method check crashes javac
S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
S8169589: [macosx] Activating a JDialog puts to back another dialog
S8170307: Stack size option -Xss is ignored
S8170316: (tz) Support tzdata2016j
S8170814: Reuse cache entries (part II)
S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments
S8171388: Update JNDI Thread contexts
S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state
S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele ssDialog test fails as DummyButton on Dialog did not gain focus when clicked.
S8173030: Temporary backout fix #8035568 from 8u131-b03
S8173031: Temporary backout fix #8171952 from 8u131-b03
S8173783, PR3328: IllegalArgumentException:
jdk.tls.namedGroups
S8173931: 8u131 L10n resource file update
S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle
S8174985: NTLM authentication doesn’t work with IIS if NTLM cache is disabled
S8176044: (tz) Support tzdata2017a
Backports
S6457406, PR3335: javadoc doesn’t handle <a href=“http://…”> properly in producing index pages
S8030245, PR3335: Update langtools to use try-with-resources and multi-catch
S8030253, PR3335: Update langtools to use strings-in-switch
S8030262, PR3335: Update langtools to use foreach loops
S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently
S8031625, PR3335: javadoc problems referencing inner class constructors
S8031649, PR3335: Clean up javadoc tests
S8031670, PR3335: Remove unneeded -source options in javadoc tests
S8032066, PR3335: Serialized form has broken links to non private inner classes of package private
S8034174, PR2290: Remove use of JVM_* functions from java.net code
S8034182, PR2290: Misc. warnings in java.net code
S8035876, PR2290: AIX build issues after ‘8034174:
Remove use of JVM_* functions from java.net code’
S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors.
S8040903, PR3335: Clean up use of BUG_ID in javadoc tests
S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests
S8040908, PR3335: javadoc test TestDocEncoding should use
-notimestamp
S8041150, PR3335: Avoid silly use of static methods in JavadocTester
S8041253, PR3335: Avoid redundant synonyms of NO_TEST
S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
S8061305, PR3335: Javadoc crashes when method name ends with ‘Property’
S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests
S8075670, PR3337: Remove intermittent keyword from some tests
S8078334, PR3337: Mark regression tests using randomness
S8078880, PR3337: Mark a few more intermittently failuring security-libs
S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier
S8144539, PR3337: Update PKCS11 tests to run with security manager
S8144566, PR3352: Custom HostnameVerifier disables SNI extension
S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak:
GlobalRefs never deleted when processing invokeMethod command
S8155049, PR3352: New tests from 8144566 fail with ‘No expected Server Name Indication’
S8173941, PR3326: SA does not work if executable is DSO
S8174164, PR3334, RH1417266:
SafePointNode::_replaced_nodes breaks with irreducible loops
S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache
S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test
Bug fixes
PR3348: Architectures unsupported by SystemTap tapsets throw a parse error
PR3378: Perl should be mandatory
PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path
AArch64 port
S8168699, PR3372: Validate special case invocations [AArch64 support]
S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References
S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect
S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions
S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp
AArch32 port
PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build
PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles
PR3385: aarch32 does not support -Xshare:dump
PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32
PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build
Shenandoah
Fix Shenandoah argument checking on 32bit builds.
Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07
-25
Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02
-20
Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-06
Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-09
Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-23
This update was imported from the SUSE:SLE-12-SP1:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-662.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100707);
script_version("3.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-3509", "CVE-2017-3511", "CVE-2017-3512", "CVE-2017-3514", "CVE-2017-3526", "CVE-2017-3533", "CVE-2017-3539", "CVE-2017-3544");
script_name(english:"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-662)");
script_summary(english:"Check for the openSUSE-2017-662 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for java-1_8_0-openjdk fixes the following issues :
- Upgrade to version jdk8u131 (icedtea 3.4.0) -
bsc#1034849
- Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8168699: Validate special case invocations
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
- New features
- PR1969: Add AArch32 JIT port
- PR3297: Allow Shenandoah to be used on AArch64
- PR3340: jstack.stp should support AArch64
- Import of OpenJDK 8 u131 build 11
- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException
- S6515172, PR3346: Runtime.availableProcessors() ignores
Linux taskset command
- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.ja
va hangs on win 64 bit with jdk8
- S7167293: FtpURLConnection connection leak on
FileNotFoundException
- S8035568: [macosx] Cursor management unification
- S8079595: Resizing dialog which is JWindow parent makes
JVM crash
- S8130769: The new menu can't be shown on the menubar
after clicking the 'Add' button.
- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java
test fails with NullPointerException
- S8147842: IME Composition Window is displayed at
incorrect location
- S8147910, PR3346: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows
Server 2016
- S8160951: [TEST_BUG]
javax/xml/bind/marshal/8134111/UnmarshalTest.java should
be added into :needs_jre group
- S8160958: [TEST_BUG]
java/net/SetFactoryPermission/SetFactoryPermission.java
should be added into :needs_compact2 group
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints
is enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993, PR3346: G1 crashes if active_processor_count
changes during startup
- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently
- S8162916: Test sun/security/krb5/auto/UnboundSSL.java
fails
- S8164533:
sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
with 'Error while cleaning up threads after test'
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8168774: Polymorhic signature method check crashes
javac
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back
another dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8170888, PR3314, RH1284948: [linux] Experimental
support for cgroup memory limits in container (ie
Docker) environments
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail
with error: The bitwise mask Frame.ICONIFIED is not
setwhen the frame is in ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/Modele
ssDialog test fails as DummyButton on Dialog did not
gain focus when 	 clicked.
- S8173030: Temporary backout fix #8035568 from 8u131-b03
- S8173031: Temporary backout fix #8171952 from 8u131-b03
- S8173783, PR3328: IllegalArgumentException:
jdk.tls.namedGroups
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss
swap to commercial header for licensee source bundle
- S8174985: NTLM authentication doesn't work with IIS if
NTLM cache is disabled
- S8176044: (tz) Support tzdata2017a
- Backports
- S6457406, PR3335: javadoc doesn't handle <a
href='http://...'> properly in producing index pages
- S8030245, PR3335: Update langtools to use
try-with-resources and multi-catch
- S8030253, PR3335: Update langtools to use
strings-in-switch
- S8030262, PR3335: Update langtools to use foreach loops
- S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/Basic.java
fails intermittently
- S8031625, PR3335: javadoc problems referencing inner
class constructors
- S8031649, PR3335: Clean up javadoc tests
- S8031670, PR3335: Remove unneeded -source options in
javadoc tests
- S8032066, PR3335: Serialized form has broken links to
non private inner classes of package private
- S8034174, PR2290: Remove use of JVM_* functions from
java.net code
- S8034182, PR2290: Misc. warnings in java.net code
- S8035876, PR2290: AIX build issues after '8034174:
Remove use of JVM_* functions from java.net code'
- S8038730, PR3335: Clean up the way JavadocTester is
invoked, and checks for errors.
- S8040903, PR3335: Clean up use of BUG_ID in javadoc
tests
- S8040904, PR3335: Ensure javadoc tests do not overwrite
results within tests
- S8040908, PR3335: javadoc test TestDocEncoding should
use
-notimestamp
- S8041150, PR3335: Avoid silly use of static methods in
JavadocTester
- S8041253, PR3335: Avoid redundant synonyms of NO_TEST
- S8043780, PR3368: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)
- S8061305, PR3335: Javadoc crashes when method name ends
with 'Property'
- S8072452, PR3337: Support DHE sizes up to 8192-bits and
DSA sizes up to 3072-bits
- S8075565, PR3337: Define @intermittent jtreg keyword and
mark intermittently failing jdk tests
- S8075670, PR3337: Remove intermittent keyword from some
tests
- S8078334, PR3337: Mark regression tests using randomness
- S8078880, PR3337: Mark a few more intermittently
failuring security-libs
- S8133318, PR3337: Exclude intermittent failing PKCS11
tests on Solaris SPARC 11.1 and earlier
- S8144539, PR3337: Update PKCS11 tests to run with
security manager
- S8144566, PR3352: Custom HostnameVerifier disables SNI
extension
- S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak:
GlobalRefs never deleted when processing invokeMethod
command
- S8155049, PR3352: New tests from 8144566 fail with 'No
expected Server Name Indication'
- S8173941, PR3326: SA does not work if executable is DSO
- S8174164, PR3334, RH1417266:
SafePointNode::_replaced_nodes breaks with irreducible
loops
- S8174729, PR3336, RH1420518: Race Condition in
java.lang.reflect.WeakCache
- S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix
missed the test
- Bug fixes
- PR3348: Architectures unsupported by SystemTap tapsets
throw a parse error
- PR3378: Perl should be mandatory
- PR3389: javac.in and javah.in should use @PERL@ rather
than a hardcoded path
- AArch64 port
- S8168699, PR3372: Validate special case invocations
[AArch64 support]
- S8170100, PR3372: AArch64: Crash in C1-compiled code
accessing References
- S8172881, PR3372: AArch64: assertion failure: the int
pressure is incorrect
- S8173472, PR3372: AArch64: C1 comparisons with null only
use 32-bit instructions
- S8177661, PR3372: Correct ad rule output register types
from iRegX to iRegXNoSp
- AArch32 port
- PR3380: Zero should not be enabled by default on arm
with the AArch32 HotSpot build
- PR3384, S8139303, S8167584: Add support for AArch32
architecture to configure and jdk makefiles
- PR3385: aarch32 does not support -Xshare:dump
- PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
- PR3387: Installation fails on arm with AArch32 port as
INSTALL_ARCH_DIR is arm, not aarch32
- PR3388: Wrong path for jvm.cfg being used on arm with
AArch32 build
- Shenandoah
- Fix Shenandoah argument checking on 32bit builds.
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07
-25
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02
-20
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-06
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-09
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03
-23
This update was imported from the SUSE:SLE-12-SP1:Update update
project."
);
script_set_attribute(
attribute:"see_also",
value:"http://...'"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034849"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected java-1_8_0-openjdk packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-accessibility-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-debuginfo-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-debugsource-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-demo-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-devel-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-headless-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-javadoc-1.8.0.131-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"java-1_8_0-openjdk-src-1.8.0.131-10.8.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | java-1_8_0-openjdk | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk |
novell | opensuse | java-1_8_0-openjdk-accessibility | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility |
novell | opensuse | java-1_8_0-openjdk-debuginfo | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo |
novell | opensuse | java-1_8_0-openjdk-debugsource | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource |
novell | opensuse | java-1_8_0-openjdk-demo | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo |
novell | opensuse | java-1_8_0-openjdk-demo-debuginfo | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo |
novell | opensuse | java-1_8_0-openjdk-devel | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel |
novell | opensuse | java-1_8_0-openjdk-devel-debuginfo | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo |
novell | opensuse | java-1_8_0-openjdk-headless | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless |
novell | opensuse | java-1_8_0-openjdk-headless-debuginfo | p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo |
...'
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3544
bugzilla.opensuse.org/show_bug.cgi?id=1034849