You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa java-1_8_0-openjdk

Sigurnosni nedostaci programskog paketa java-1_8_0-openjdk

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for java-1_8_0-openjdk

Announcement ID: openSUSE-SU-2017:1507-1
Rating: important
References: #1034849
Cross-References: CVE-2017-3509 CVE-2017-3511 CVE-2017-3512
CVE-2017-3514 CVE-2017-3526 CVE-2017-3533
CVE-2017-3539 CVE-2017-3544
Affected Products:
openSUSE Leap 42.2

An update that fixes 8 vulnerabilities is now available.


This update for java-1_8_0-openjdk fixes the following issues:

– Upgrade to version jdk8u131 (icedtea 3.4.0) – bsc#1034849
* Security fixes
– S8163520, CVE-2017-3509: Reuse cache entries
– S8163528, CVE-2017-3511: Better library loading
– S8165626, CVE-2017-3512: Improved window framing
– S8167110, CVE-2017-3514: Windows peering issue
– S8168699: Validate special case invocations
– S8169011, CVE-2017-3526: Resizing XML parse trees
– S8170222, CVE-2017-3533: Better transfers of files
– S8171121, CVE-2017-3539: Enhancing jar checking
– S8171533, CVE-2017-3544: Better email transfer
– S8172299: Improve class processing
* New features
– PR1969: Add AArch32 JIT port
– PR3297: Allow Shenandoah to be used on AArch64
– PR3340: jstack.stp should support AArch64
* Import of OpenJDK 8 u131 build 11
– S6474807: (smartcardio) CardTerminal.connect() throws CardException
instead of CardNotPresentException
– S6515172, PR3346: Runtime.availableProcessors() ignores Linux
taskset command
– S7155957: closed/java/awt/MenuBar/MenuBarStress1/
hangs on win 64 bit with jdk8
– S7167293: FtpURLConnection connection leak on FileNotFoundException
– S8035568: [macosx] Cursor management unification
– S8079595: Resizing dialog which is JWindow parent makes JVM crash
– S8130769: The new menu can’t be shown on the menubar after clicking
the “Add” button.
– S8146602: jdk/test/sun/misc/URLClassPath/ test
fails with NullPointerException
– S8147842: IME Composition Window is displayed at incorrect location
– S8147910, PR3346: Cache initial active_processor_count
– S8150490: Update OS detection code to recognize Windows Server 2016
– S8160951: [TEST_BUG]
javax/xml/bind/marshal/8134111/ should be added
into :needs_jre group
– S8160958: [TEST_BUG]
java/net/SetFactoryPermission/ should be
added into :needs_compact2 group
– S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
– S8161195: Regression:
– S8161993, PR3346: G1 crashes if active_processor_count changes
during startup
– S8162876: [TEST_BUG] sun/net/www/protocol/http/
fails intermittently
– S8162916: Test sun/security/krb5/auto/ fails
– S8164533: sun/security/ssl/SSLSocketImpl/ failed
with “Error while cleaning up threads after test”
– S8167179: Make XSL generated namespace prefixes local to
transformation process
– S8168774: Polymorhic signature method check crashes javac
– S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
– S8169589: [macosx] Activating a JDialog puts to back another dialog
– S8170307: Stack size option -Xss is ignored
– S8170316: (tz) Support tzdata2016j
– S8170814: Reuse cache entries (part II)
– S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup
memory limits in container (ie Docker) environments
– S8171388: Update JNDI Thread contexts
– S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error:
The bitwise mask Frame.ICONIFIED is not setwhen the frame is in
– S8171952: [macosx]
test fails as DummyButton on Dialog did not gain focus when clicked.
– S8173030: Temporary backout fix #8035568 from 8u131-b03
– S8173031: Temporary backout fix #8171952 from 8u131-b03
– S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups
– S8173931: 8u131 L10n resource file update
– S8174844: Incorrect GPL header causes RE script to miss swap to
commercial header for licensee source bundle
– S8174985: NTLM authentication doesn’t work with IIS if NTLM cache is
– S8176044: (tz) Support tzdata2017a
* Backports
– S6457406, PR3335: javadoc doesn’t handle <a href=’http://…’>
properly in producing index pages
– S8030245, PR3335: Update langtools to use try-with-resources and
– S8030253, PR3335: Update langtools to use strings-in-switch
– S8030262, PR3335: Update langtools to use foreach loops
– S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/ fails
– S8031625, PR3335: javadoc problems referencing inner class
– S8031649, PR3335: Clean up javadoc tests
– S8031670, PR3335: Remove unneeded -source options in javadoc tests
– S8032066, PR3335: Serialized form has broken links to non private
inner classes of package private
– S8034174, PR2290: Remove use of JVM_* functions from code
– S8034182, PR2290: Misc. warnings in code
– S8035876, PR2290: AIX build issues after ‘8034174: Remove use
of JVM_* functions from code’
– S8038730, PR3335: Clean up the way JavadocTester is invoked, and
checks for errors.
– S8040903, PR3335: Clean up use of BUG_ID in javadoc tests
– S8040904, PR3335: Ensure javadoc tests do not overwrite results
within tests
– S8040908, PR3335: javadoc test TestDocEncoding should use
– S8041150, PR3335: Avoid silly use of static methods in JavadocTester
– S8041253, PR3335: Avoid redundant synonyms of NO_TEST
– S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
– S8061305, PR3335: Javadoc crashes when method name ends with
– S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up
to 3072-bits
– S8075565, PR3337: Define @intermittent jtreg keyword and mark
intermittently failing jdk tests
– S8075670, PR3337: Remove intermittent keyword from some tests
– S8078334, PR3337: Mark regression tests using randomness
– S8078880, PR3337: Mark a few more intermittently failuring
– S8133318, PR3337: Exclude intermittent failing PKCS11 tests
on Solaris SPARC 11.1 and earlier
– S8144539, PR3337: Update PKCS11 tests to run with security manager
– S8144566, PR3352: Custom HostnameVerifier disables SNI extension
– S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs
never deleted when processing invokeMethod command
– S8155049, PR3352: New tests from 8144566 fail with “No expected
Server Name Indication”
– S8173941, PR3326: SA does not work if executable is DSO
– S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks
with irreducible loops
– S8174729, PR3336, RH1420518: Race Condition in
– S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test
* Bug fixes
– PR3348: Architectures unsupported by SystemTap tapsets throw a parse
– PR3378: Perl should be mandatory
– PR3389: and should use @PERL@ rather than a
hardcoded path
* AArch64 port
– S8168699, PR3372: Validate special case invocations [AArch64 support]
– S8170100, PR3372: AArch64: Crash in C1-compiled code accessing
– S8172881, PR3372: AArch64: assertion failure: the int pressure is
– S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit
– S8177661, PR3372: Correct ad rule output register types from iRegX
to iRegXNoSp
* AArch32 port
– PR3380: Zero should not be enabled by default on arm with the
AArch32 HotSpot build
– PR3384, S8139303, S8167584: Add support for AArch32 architecture to
configure and jdk makefiles
– PR3385: aarch32 does not support -Xshare:dump
– PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
– PR3387: Installation fails on arm with AArch32 port as
INSTALL_ARCH_DIR is arm, not aarch32
– PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build
* Shenandoah
– Fix Shenandoah argument checking on 32bit builds.
– Import from Shenandoah tag
– Import from Shenandoah tag
– Import from Shenandoah tag
– Import from Shenandoah tag
– Import from Shenandoah tag

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-662=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.2 (i586 x86_64):


– openSUSE Leap 42.2 (noarch):



To unsubscribe, e-mail:
For additional commands, e-mail:

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-06-0052-ADV
More in Preporuke
Ranjivost Cisco Prime DCNM aplikacije

Otkrivena je ranjivost u funkcionalnosti kontrole pristupa (role-based access control - RBAC) Cisco Prime Data Center Network Manager (DCNM) softvera....