Security update for java-11-openjdk (moderate)

ID OPENSUSE-SU-2018:3235-1
Type suse
Reporter Suse
Modified 2018-10-19T00:10:37


This update for java-11-openjdk fixes the following issues:

Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)

Security fixes:

  • S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support
  • S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses
  • S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups
  • S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability
  • S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again
  • S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks
  • S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound
  • S8194534, CVE-2018-3136, bsc#1112142: Manifest better support
  • S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates
  • S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

Security-In-Depth fixes:

  • S8194546: Choosier FileManagers
  • S8195874: Improve jar specification adherence
  • S8196897: Improve PRNG support
  • S8197881: Better StringBuilder support
  • S8201756: Improve cipher inputs
  • S8203654: Improve cypher state updates
  • S8204497: Better formatting of decimals
  • S8200666: Improve LDAP support
  • S8199110: Address Internet Addresses

Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

  • S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
  • S8207838: AArch64: Float registers incorrectly restored in JNI call
  • S8209637: [s390x] Interpreter doesn't call result handler after native calls
  • S8209670: CompilerThread releasing code buffer in destructor is unsafe
  • S8209735: Disable avx512 by default
  • S8209806: API docs should be updated to refer to javase11
  • Report version without the "-internal" postfix

  • Don't build against gdk making the accessibility depend on a particular version of gtk.

Update to upstream tag jdk-11+27

  • S8031761: [TESTBUG] Add a regression test for JDK-8026328
  • S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with "unexpected values of outer fields of the class" when running with -Xcomp
  • S8164639: Configure PKCS11 tests to use user-supplied NSS libraries
  • S8189667: Desktop#moveToTrash expects incorrect "<<ALL FILES>>" FilePermission
  • S8194949: [Graal] gc/ fail with OOM in -Xcomp
  • S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ / fails with Graal in Xcomp mode
  • S8199081: [Testbug] compiler/linkage/ fails if run twice
  • S8201394: Update module summary to reflect removal of module
  • S8204931: Colors with alpha are painted incorrectly on Linux
  • S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ / test fails with -XX:CompileThreshold=1
  • S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior
  • S8205687: TimeoutHandler generates huge core files
  • S8206176: Remove the temporary tls13VN field
  • S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found
  • S8206965: java/util/TimeZone/ failed on de_DE and ja_JP locale.
  • S8207009: TLS 1.3 half-close and synchronization issues
  • S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch
  • S8207139: NMT is not enabled on Windows 2016/10
  • S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
  • S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator
  • S8207746: C2: Lucene crashes on AVX512 instruction
  • S8207765: intermittent failure
  • S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test" possibly violation of JVMS 4.7.1
  • S8207948: JDK 11 L10n resource file update msg drop 10
  • S8207966: HttpClient response without content-length does not return body
  • S8208125: Cannot input text into JOptionPane Text Input Dialog
  • S8208164: (str) improve specification of String::lines
  • S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
  • S8208189: ProblemList compiler/graalunit/
  • S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
  • S8208226: ProblemList com/sun/jdi/
  • S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ / fails intermittently on Linux-X64
  • S8208305: ProblemList compiler/jvmci/compilerToVM/
  • S8208347: ProblemList compiler/cpuflags/
  • S8208353: Upgrade JDK 11 to libpng 1.6.35
  • S8208358: update bug ids mentioned in tests
  • S8208370: fix typo in ReservedStack tests' @requires
  • S8208391: Differentiate response and connect timeouts in HTTP Client API
  • S8208466: Fix potential memory leak in harfbuzz shaping.
  • S8208496: New Test to verify concurrent behavior of TLS.
  • S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
  • S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.
  • S8208663: JDK 11 L10n resource file update msg drop 20
  • S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network_utilization
  • S8208691: Tighten up jdk.includeInExceptions security property
  • S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ / fails in aarch64 platforms
  • S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing
  • S8209149: [TESTBUG] runtime/RedefineTests/ / needs a longer timeout
  • S8209451: Please change jdk 11 milestone to FCS
  • S8209452: failed with "At least one cacert test failed"
  • S8209506: Add Google Trust Services GlobalSign root certificates
  • S8209537: Two security tests failed after JDK-8164639 due to dependency was missed

This update was imported from the SUSE:SLE-15:Update update project.