Security update for java-1_7_0-openjdk

Announcement ID: SUSE-SU-2016:0269-1
Rating: critical
References:
Cross-References:
CVSS scores:
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP4

An update that solves nine vulnerabilities can now be installed.

Description:

java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. (bsc#962743)

  • CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed
  • CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
  • CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays
  • CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
  • CVE-2016-0402: Vulnerability in the Networking component related to URL processing
  • CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing
  • CVE-2016-0466: Vulnerability in the JAXP component, related to limits
  • CVE-2016-0483: Vulnerability in the AWT component related to image decoding
  • CVE-2016-0494: Vulnerability in 2D component related to font actions

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 11 SP3
    zypper in -t patch sledsp3-java-1_7_0-openjdk-12374=1
  • SUSE Linux Enterprise Desktop 11 SP4
    zypper in -t patch sledsp4-java-1_7_0-openjdk-12374=1

Package List:

  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
    • java-1_7_0-openjdk-devel-1.7.0.95-0.17.2
    • java-1_7_0-openjdk-demo-1.7.0.95-0.17.2
    • java-1_7_0-openjdk-1.7.0.95-0.17.2
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
    • java-1_7_0-openjdk-devel-1.7.0.95-0.17.2
    • java-1_7_0-openjdk-demo-1.7.0.95-0.17.2
    • java-1_7_0-openjdk-1.7.0.95-0.17.2

References: