You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa java-1_7_0-openjdk

Sigurnosni nedostaci programskog paketa java-1_7_0-openjdk

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1422-1
Rating: important
References: #901242
Cross-References: CVE-2014-6457 CVE-2014-6502 CVE-2014-6504
CVE-2014-6506 CVE-2014-6511 CVE-2014-6512
CVE-2014-6513 CVE-2014-6517 CVE-2014-6519
CVE-2014-6531 CVE-2014-6558
Affected Products:
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues
and bugs.

* Security:
– S8015256: Better class accessibility
– S8022783, CVE-2014-6504: Optimize C2 optimizations
– S8035162: Service printing service
– S8035781: Improve equality for annotations
– S8036805: Correct linker method lookup.
– S8036810: Correct linker field lookup
– S8036936: Use local locales
– S8037066, CVE-2014-6457: Secure transport layer
– S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
– S8038364: Use certificate exceptions correctly
– S8038899: Safer safepoints
– S8038903: More native monitor monitoring
– S8038908: Make Signature more robust
– S8038913: Bolster XML support
– S8039509, CVE-2014-6512: Wrap sockets more thoroughly
– S8039533, CVE-2014-6517: Higher resolution resolvers
– S8041540, CVE-2014-6511: Better use of pages in font processing
– S8041529: Better parameterization of parameter lists
– S8041545: Better validation of generated rasters
– S8041564, CVE-2014-6506: Improved management of logger resources
– S8041717, CVE-2014-6519: Issue with class file parser
– S8042609, CVE-2014-6513: Limit splashiness of splash images
– S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
– S8044274, CVE-2014-6531: Proper property processing

* Backports:
– S4963723: Implement SHA-224
– S7044060: Need to support NSA Suite B Cryptography algorithms
– S7122142: (ann) Race condition between isAnnotationPresent and
getAnnotations
– S7160837: DigestOutputStream does not turn off digest calculation when
“close()” is called
– S8006935: Need to take care of long secret keys in HMAC/PRF computation
– S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
– S8028192: Use of PKCS11-NSS provider in FIPS mode broken
– S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
– S8039396: NPE when writing a class descriptor object to a custom
ObjectOutputStream
– S8042603: ‘SafepointPollOffset’ was not declared in static member
function ‘static bool Arguments::check_vm_args_consistency()’
– S8042850: Extra unused entries in ICU ScriptCodes enum
– S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since
7u71 b01
– S8053963: (dc) Use DatagramChannel.receive() instead of read() in
connect()
– S8055176: 7u71 l10n resource file translation update

* Bugfixes:
– PR1988: C++ Interpreter should no longer be used on ppc64
– PR1989: Make jdk_generic_profile.sh handle missing programs better and
be more verbose
– PR1992, RH735336: Support retrieving proxy settings on GNOME 3.12.2
– PR2000: Synchronise HEAD tarball paths with release branch paths
– PR2002: Fix references to hotspot.map following PR2000
– PR2003: –disable-system-gtk option broken by refactoring in PR1736
– PR2009: Checksum of policy JAR files changes on every build
– PR2014: Use version from hotspot.map to create tarball filename
– PR2015: Update hotspot.map documentation in INSTALL
– PR2025: LCMS_CFLAGS and LCMS_LIBS should not be used unless SYSTEM_LCMS
is enabled
– RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError
(revised comprehensive fix)

* CACAO
– PR2030, G453612, CA172: ARM hardfloat support for CACAO

* AArch64 port
– AArch64 C2 instruct for smull
– Add frame anchor fences.
– Add MacroAssembler::maybe_isb()
– Add missing instruction synchronization barriers and cache flushes.
– Add support for a few simple intrinsics
– Add support for builtin crc32 instructions
– Add support for Neon implementation of CRC32
– All address constants are 48 bits in size.
– array load must only read 32 bits
– Define uabs(). Use it everywhere an absolute value is wanted.
– Fast string comparison
– Fast String.equals()
– Fix register usage in generate_verify_oop().
– Fix thinko in Atomic::xchg_ptr.
– Fix typo in fsqrts
– Improve C1 performance improvements in ic_cache checks
– Performance improvement and ease of use changes pulled from upstream
– Remove obsolete C1 patching code.
– Replace hotspot jtreg test suite with tests from jdk7u
– S8024648: 7141246 breaks Zero port
– Save intermediate state before removing C1 patching code.
– Unwind native AArch64 frames.
– Use 2- and 3-instruction immediate form of movoop and mov_metadata in
C2-generated code.
– Various concurrency fixes.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 12:

zypper in -t patch SUSE-SLE-SERVER-12-2014-68

– SUSE Linux Enterprise Desktop 12:

zypper in -t patch SUSE-SLE-DESKTOP-12-2014-68

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

java-1_7_0-openjdk-1.7.0.71-6.2
java-1_7_0-openjdk-debuginfo-1.7.0.71-6.2
java-1_7_0-openjdk-debugsource-1.7.0.71-6.2
java-1_7_0-openjdk-demo-1.7.0.71-6.2
java-1_7_0-openjdk-demo-debuginfo-1.7.0.71-6.2
java-1_7_0-openjdk-devel-1.7.0.71-6.2
java-1_7_0-openjdk-devel-debuginfo-1.7.0.71-6.2
java-1_7_0-openjdk-headless-1.7.0.71-6.2
java-1_7_0-openjdk-headless-debuginfo-1.7.0.71-6.2

– SUSE Linux Enterprise Desktop 12 (x86_64):

java-1_7_0-openjdk-1.7.0.71-6.2
java-1_7_0-openjdk-debuginfo-1.7.0.71-6.2
java-1_7_0-openjdk-debugsource-1.7.0.71-6.2
java-1_7_0-openjdk-headless-1.7.0.71-6.2
java-1_7_0-openjdk-headless-debuginfo-1.7.0.71-6.2

References:

http://support.novell.com/security/cve/CVE-2014-6457.html
http://support.novell.com/security/cve/CVE-2014-6502.html
http://support.novell.com/security/cve/CVE-2014-6504.html
http://support.novell.com/security/cve/CVE-2014-6506.html
http://support.novell.com/security/cve/CVE-2014-6511.html
http://support.novell.com/security/cve/CVE-2014-6512.html
http://support.novell.com/security/cve/CVE-2014-6513.html
http://support.novell.com/security/cve/CVE-2014-6517.html
http://support.novell.com/security/cve/CVE-2014-6519.html
http://support.novell.com/security/cve/CVE-2014-6531.html
http://support.novell.com/security/cve/CVE-2014-6558.html
https://bugzilla.suse.com/show_bug.cgi?id=901242


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa OpenSSL

Otkriveni su sigurnosni nedostaci u programskom paketu OpenSSL za operacijski sustav Suse. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close