SUSE-SU-2018:0005-1

Details

This update for java-1_7_0-openjdk fixes the following issues:

Security issues fixed:

CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084).
CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071).
CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072).
CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073).
CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075).
CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086).
CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078).
CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082).
CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079).
CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081).
CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077).
CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080).
CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085).
CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083).
CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316).
CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305).
CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306).
CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309).
CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311).
CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312).
CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313).
CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314).
CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315).
CVE-2017-10107: Fix insufficient access...

Affected Packages

java-1_7_0-openjdk

SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3

Fixed in:

1.7.0.161-43.7.6

java-1_7_0-openjdk-headless

SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3

Fixed in:

1.7.0.161-43.7.6

java-1_7_0-openjdk-demo

SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12-LTSSSUSE Linux Enterprise Server for Raspberry Pi 12 SP2

Fixed in:

1.7.0.161-43.7.6

java-1_7_0-openjdk-devel

SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12-LTSSSUSE Linux Enterprise Server for Raspberry Pi 12 SP2

Fixed in:

1.7.0.161-43.7.6

References(89)