===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2046
         SUSE Security Update: Security update for java-1_8_0-openjdk
                              17 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           java-1_8_0-openjdk
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Delete Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-10243 CVE-2017-10198 CVE-2017-10193 CVE-2017-10176
                   CVE-2017-10135 CVE-2017-10125 CVE-2017-10118 CVE-2017-10116
                   CVE-2017-10115 CVE-2017-10114 CVE-2017-10111 CVE-2017-10110
                   CVE-2017-10109 CVE-2017-10108 CVE-2017-10107 CVE-2017-10105
                   CVE-2017-10102 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090
                   CVE-2017-10089 CVE-2017-10087 CVE-2017-10086 CVE-2017-10081
                   CVE-2017-10078 CVE-2017-10074 CVE-2017-10067 CVE-2017-10053
Reference:         ESB-2017.2038
                   ESB-2017.2023
                   ESB-2017.1858
                   ESB-2017.1837

Original Bulletin:
   https://www.suse.com/support/update/announcement/2017/suse-su-20172175-1/

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2175-1
Rating:             important
References:         #1049302 #1049305 #1049306 #1049307 #1049308 #1049309
                    #1049310 #1049311 #1049312 #1049313 #1049314 #1049315
                    #1049316 #1049317 #1049318 #1049319 #1049320 #1049321
                    #1049322 #1049323 #1049324 #1049325 #1049326 #1049327
                    #1049328 #1049329 #1049330 #1049331 #1049332
Cross-References:   CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078
                    CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089
                    CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102
                    CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109
                    CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115
                    CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135
                    CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves 28 vulnerabilities and has one errata is now available.

Description:

   This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes
   the following issues:

   Security issues fixed:

   - CVE-2017-10053: Improved image post-processing steps (bsc#1049305)
   - CVE-2017-10067: Additional jar validation steps (bsc#1049306)
   - CVE-2017-10074: Image conversion improvements (bsc#1049307)
   - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)
   - CVE-2017-10081: Right parenthesis issue (bsc#1049309)
   - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310)
   - CVE-2017-10087: Better Thread Pool execution (bsc#1049311)
   - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)
   - CVE-2017-10090: Better handling of channel groups (bsc#1049313)
   - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)
   - CVE-2017-10101: Better reading of text catalogs (bsc#1049315)
   - CVE-2017-10102: Improved garbage collection (bsc#1049316)
   - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317)
   - CVE-2017-10107: Less Active Activations (bsc#1049318)
   - CVE-2017-10108: Better naming attribution (bsc#1049319)
   - CVE-2017-10109: Better sourcing of code (bsc#1049320)
   - CVE-2017-10110: Better image fetching (bsc#1049321)
   - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)
   - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323)
   - CVE-2017-10115: Higher quality DSA operations (bsc#1049324)
   - CVE-2017-10116: Proper directory lookup processing (bsc#1049325)
   - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)
   - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327)
   - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)
   - CVE-2017-10176: Additional elliptic curve support (bsc#1049329)
   - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330)
   - CVE-2017-10198: Clear certificate chain connections (bsc#1049331)
   - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)

   Bug fixes:

   - Check registry registration location
   - Improved certificate processing
   - JMX diagnostic improvements
   - Update to libpng 1.6.28
   - Import of OpenJDK 8 u141 build 15 (bsc#1049302)

   New features:

   - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11
     provider

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-devel-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      java-1_8_0-openjdk-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3
      java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-1.8.0.144-27.5.3
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3

References:

   https://www.suse.com/security/cve/CVE-2017-10053.html
   https://www.suse.com/security/cve/CVE-2017-10067.html
   https://www.suse.com/security/cve/CVE-2017-10074.html
   https://www.suse.com/security/cve/CVE-2017-10078.html
   https://www.suse.com/security/cve/CVE-2017-10081.html
   https://www.suse.com/security/cve/CVE-2017-10086.html
   https://www.suse.com/security/cve/CVE-2017-10087.html
   https://www.suse.com/security/cve/CVE-2017-10089.html
   https://www.suse.com/security/cve/CVE-2017-10090.html
   https://www.suse.com/security/cve/CVE-2017-10096.html
   https://www.suse.com/security/cve/CVE-2017-10101.html
   https://www.suse.com/security/cve/CVE-2017-10102.html
   https://www.suse.com/security/cve/CVE-2017-10105.html
   https://www.suse.com/security/cve/CVE-2017-10107.html
   https://www.suse.com/security/cve/CVE-2017-10108.html
   https://www.suse.com/security/cve/CVE-2017-10109.html
   https://www.suse.com/security/cve/CVE-2017-10110.html
   https://www.suse.com/security/cve/CVE-2017-10111.html
   https://www.suse.com/security/cve/CVE-2017-10114.html
   https://www.suse.com/security/cve/CVE-2017-10115.html
   https://www.suse.com/security/cve/CVE-2017-10116.html
   https://www.suse.com/security/cve/CVE-2017-10118.html
   https://www.suse.com/security/cve/CVE-2017-10125.html
   https://www.suse.com/security/cve/CVE-2017-10135.html
   https://www.suse.com/security/cve/CVE-2017-10176.html
   https://www.suse.com/security/cve/CVE-2017-10193.html
   https://www.suse.com/security/cve/CVE-2017-10198.html
   https://www.suse.com/security/cve/CVE-2017-10243.html
   https://bugzilla.suse.com/1049302
   https://bugzilla.suse.com/1049305
   https://bugzilla.suse.com/1049306
   https://bugzilla.suse.com/1049307
   https://bugzilla.suse.com/1049308
   https://bugzilla.suse.com/1049309
   https://bugzilla.suse.com/1049310
   https://bugzilla.suse.com/1049311
   https://bugzilla.suse.com/1049312
   https://bugzilla.suse.com/1049313
   https://bugzilla.suse.com/1049314
   https://bugzilla.suse.com/1049315
   https://bugzilla.suse.com/1049316
   https://bugzilla.suse.com/1049317
   https://bugzilla.suse.com/1049318
   https://bugzilla.suse.com/1049319
   https://bugzilla.suse.com/1049320
   https://bugzilla.suse.com/1049321
   https://bugzilla.suse.com/1049322
   https://bugzilla.suse.com/1049323
   https://bugzilla.suse.com/1049324
   https://bugzilla.suse.com/1049325
   https://bugzilla.suse.com/1049326
   https://bugzilla.suse.com/1049327
   https://bugzilla.suse.com/1049328
   https://bugzilla.suse.com/1049329
   https://bugzilla.suse.com/1049330
   https://bugzilla.suse.com/1049331
   https://bugzilla.suse.com/1049332

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
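Added example, not part of the AusCERT or SUSE bulletin: a post-patch check that reads rpm package records and flags any java-1_8_0-openjdk package still older than the fixed build 1.8.0.144-27.5.3 listed in the Package List above. The version comparison is a simplified re-implementation of rpm's ordering (tilde/caret pre-release markers are not handled; this update's versions use none), and the sample rpm output is constructed.

```python
import re

# Fixed version-release from the bulletin's package list (SUSE-SU-2017:2175-1).
FIXED_VR = "1.8.0.144-27.5.3"
PKG_PREFIX = "java-1_8_0-openjdk"
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp over digit/alpha runs: digits numeric, letters lexical,
    digits above letters, leftover runs newer. Tilde/caret markers not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vercmp_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1) if "-" in a else (a, "")
    vb, rb = b.rsplit("-", 1) if "-" in b else (b, "")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines, fixed_vr=FIXED_VR):
    """Return [(name, version-release)] for java-1_8_0-openjdk* records older than
    fixed_vr. Lines are as printed by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'."""
    found = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith(PKG_PREFIX):
            if vercmp_vr(parts[1], fixed_vr) < 0:
                found.append((parts[0], parts[1]))
    return found

# Constructed sample rpm output (not from a real host); the last record is unrelated.
SAMPLE_RPM_OUTPUT = """\
java-1_8_0-openjdk-headless 1.8.0.131-27.3.1
java-1_8_0-openjdk 1.8.0.131-27.3.1
java-1_8_0-openjdk-devel 1.8.0.144-27.5.3
bash 4.3-83.5.2
""".splitlines()

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE_RPM_OUTPUT):
        print(f"{name} {vr} < {FIXED_VR}: apply SUSE-SU-2017:2175-1")
```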