Lucene search
SuseOPENSUSE-SU-2018:0042-1HistoryJan 09, 2018 - 12:08 p.m.
Security update for java-1_7_0-openjdk (important)
2018-01-0912:08:07
lists.opensuse.org
271
EPSS
0.015
Percentile
87.3%
This update for java-1_7_0-openjdk fixes the following issues:
Security issues fixed:
- CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
- CVE-2017-10274: Fix issue inside subcomponent Smart Card IO
(bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization
(bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
- CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
- CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
- CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
- CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
- CVE-2017-10347: Fix issue inside subcomponent Serialization
(bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
- CVE-2017-10345: Fix issue inside subcomponent Serialization
(bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
- CVE-2017-10357: Fix issue inside subcomponent Serialization
(bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
- CVE-2017-10102: Fix incorrect handling of references in DGC
(bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader
(bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest
(bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature
handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in
ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in
ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in
AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML
transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to
com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID
(bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates
(bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched
(bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute
deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource
deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE
(bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326).
- CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL
(bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328).
- CVE-2017-10176: Fix incorrect handling of certain EC points
(bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates
(bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates
(bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322).
- CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS
(bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment
(bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX
(bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment
(bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310).
- CVE-2017-10198: Fix incorrect enforcement of certificate path
restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330).
Bug fixes:
- Drop Exec Shield workaround to fix crashes on recent kernels, where Exec
Shield is gone (bsc#1052318).
This update was imported from the SUSE:SLE-12:Update update project.
References
bugzilla.suse.com/1049305
bugzilla.suse.com/1049306
bugzilla.suse.com/1049307
bugzilla.suse.com/1049309
bugzilla.suse.com/1049310
bugzilla.suse.com/1049311
bugzilla.suse.com/1049312
bugzilla.suse.com/1049313
bugzilla.suse.com/1049314
bugzilla.suse.com/1049315
bugzilla.suse.com/1049316
bugzilla.suse.com/1049317
bugzilla.suse.com/1049318
bugzilla.suse.com/1049319
bugzilla.suse.com/1049320
bugzilla.suse.com/1049321
bugzilla.suse.com/1049322
bugzilla.suse.com/1049323
bugzilla.suse.com/1049324
bugzilla.suse.com/1049325
bugzilla.suse.com/1049326
bugzilla.suse.com/1049327
bugzilla.suse.com/1049328
bugzilla.suse.com/1049329
bugzilla.suse.com/1049330
bugzilla.suse.com/1049331
bugzilla.suse.com/1049332
bugzilla.suse.com/1052318
bugzilla.suse.com/1064071
bugzilla.suse.com/1064072
bugzilla.suse.com/1064073
bugzilla.suse.com/1064075
bugzilla.suse.com/1064077
bugzilla.suse.com/1064078
bugzilla.suse.com/1064079
bugzilla.suse.com/1064080
bugzilla.suse.com/1064081
bugzilla.suse.com/1064082
bugzilla.suse.com/1064083
bugzilla.suse.com/1064084
bugzilla.suse.com/1064085
bugzilla.suse.com/1064086
Related
nessus
nessus
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
2018-01-10 00:00:00
Debian DLA-1073-1 : openjdk-7 security update
2017-08-29 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2018-01-03 21:08:18
Security update for java-1_8_0-openjdk (important)
2017-08-16 15:08:28
Security update for java-1_7_1-ibm (important)
2017-08-29 12:10:00
openvas
openvas
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2018:0042-1)
2018-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0005-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2281-1)
2021-06-09 00:00:00
osv
osv
openjdk-7 - security update
2017-08-29 00:00:00
openjdk-7 - security update
2017-08-25 00:00:00
openjdk-8 - security update
2017-07-25 00:00:00
debian
debian
[SECURITY] [DLA 1073-1] openjdk-7 security update
2017-08-28 22:13:19
[SECURITY] [DSA 3954-1] openjdk-7 security update
2017-08-25 19:59:27
[SECURITY] [DSA 3919-1] openjdk-8 security update
2017-07-25 20:04:45
ibm
ibm
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2017-08-18 00:00:00
OpenJDK 8 vulnerabilities
2017-07-26 00:00:00
OpenJDK 8 regression
2017-07-31 00:00:00
redhat
redhat
(RHSA-2017:1791) Critical: java-1.7.0-oracle security update
2017-07-20 15:39:27
(RHSA-2017:1789) Critical: java-1.8.0-openjdk security update
2017-07-20 15:38:55
(RHSA-2017:2424) Critical: java-1.7.0-openjdk security update
2017-08-07 12:19:22
centos
centos
java security update
2017-08-15 20:23:35
java security update
2017-07-21 10:40:59
java security update
2017-10-20 15:50:18
amazon
amazon
Critical: java-1.7.0-openjdk
2017-08-15 17:30:00
Critical: java-1.8.0-openjdk
2017-10-26 19:46:00
Critical: java-1.8.0-openjdk
2017-07-25 17:54:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2017-12-06 00:00:00
java-1.7.0-openjdk security update
2017-08-09 00:00:00
java-1.8.0-openjdk security update
2017-07-20 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-07-30 18:58:51
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-12-21 21:18:18
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-11-19 00:00:00
Oracle JDK/JRE, IcedTea: Multiple vulnerabilities
2017-09-24 00:00:00