Security update for OpenJDK
SUSE Security Update: Security update for OpenJDK
This java-1_7_0-openjdk update to version 2.4.7 fixes the following
security and non-security issues:
*
Security fixes
o S8023046: Enhance splashscreen support o S8025005: Enhance
CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o
S8025030, CVE-2014-2414: Enhance stream handling o S8025152,
CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar
verification o S8026163, CVE-2014-2427: Enhance media provisioning o
S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance
RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous
channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o
S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452:
Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA
processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429:
Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282,
CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject
delegation o S8029699: Update Poller demo o S8029730: Improve audio device
additions o S8029735: Enhance service mgmt natives o S8029740,
CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454:
Enhance algorithm checking o S8029750: Enhance LCMS color processing
(in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries
(in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o
S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456:
Enhance array copies o S8030731, CVE-2014-0460: Improve name service
robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459:
Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance
PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix
exception handling in ServiceLoader o S8031395: Enhance LDAP processing o
S8032686, CVE-2014-2413: Issues with method invoke o S8033618,
CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute
classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances
*
Backports
o S8004145: New improved hgforest.sh, ctrl-c now properly
terminates mercurial processes. o S8007625: race with nested repos in
/common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python
detection (MacOS) o S8011342: hgforest.sh : 'python --version' not
supported on older python o S8011350: hgforest.sh uses non-POSIX sh
features that may fail with some shells o S8024200: handle hg wrapper with
space after #! o S8025796: hgforest.sh could trigger unbuffered output
from hg without complicated machinations o S8028388: 9 jaxws tests failed
in nightly build with java.lang.ClassCastException o S8031477: [macosx]
Loading AWT native library fails o S8032370: No "Truncated file" warning
from IIOReadWarningListener on JPEGImageReader o S8035834:
InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
*
Bug fixes
o PR1393: JPEG support in build is broken on non-system-libjpeg
builds o PR1726: configure fails looking for ecj.jar before even trying to
find javac o Red Hat local: Fix for repo with path statting with / . o
Remove unused hgforest script
Security Issue references:
* CVE-2014-2412
* CVE-2014-2414
* CVE-2014-0458
* CVE-2014-2427
* CVE-2014-2423
* CVE-2014-2402
* CVE-2014-2398
* CVE-2014-0451
* CVE-2014-0452
* CVE-2014-0453
* CVE-2014-0429
* CVE-2014-2403
* CVE-2014-0446
* CVE-2014-0454
* CVE-2013-6629
* CVE-2014-0455
* CVE-2014-2421
* CVE-2014-0456
* CVE-2014-0460
* CVE-2014-0459
* CVE-2013-6954
* CVE-2014-0457
* CVE-2014-2413
* CVE-2014-1876
* CVE-2014-2397
* CVE-2014-0461
| Announcement ID: | SUSE-SU-2014:0639-1 |
| Rating: | important |
| References: | #873873 |
| Affected Products: |
An update that fixes 26 vulnerabilities is now available.
Description:
This java-1_7_0-openjdk update to version 2.4.7 fixes the following
security and non-security issues:
*
Security fixes
o S8023046: Enhance splashscreen support o S8025005: Enhance
CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o
S8025030, CVE-2014-2414: Enhance stream handling o S8025152,
CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar
verification o S8026163, CVE-2014-2427: Enhance media provisioning o
S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance
RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous
channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o
S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452:
Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA
processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429:
Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282,
CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject
delegation o S8029699: Update Poller demo o S8029730: Improve audio device
additions o S8029735: Enhance service mgmt natives o S8029740,
CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454:
Enhance algorithm checking o S8029750: Enhance LCMS color processing
(in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries
(in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o
S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456:
Enhance array copies o S8030731, CVE-2014-0460: Improve name service
robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459:
Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance
PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix
exception handling in ServiceLoader o S8031395: Enhance LDAP processing o
S8032686, CVE-2014-2413: Issues with method invoke o S8033618,
CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute
classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances
*
Backports
o S8004145: New improved hgforest.sh, ctrl-c now properly
terminates mercurial processes. o S8007625: race with nested repos in
/common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python
detection (MacOS) o S8011342: hgforest.sh : 'python --version' not
supported on older python o S8011350: hgforest.sh uses non-POSIX sh
features that may fail with some shells o S8024200: handle hg wrapper with
space after #! o S8025796: hgforest.sh could trigger unbuffered output
from hg without complicated machinations o S8028388: 9 jaxws tests failed
in nightly build with java.lang.ClassCastException o S8031477: [macosx]
Loading AWT native library fails o S8032370: No "Truncated file" warning
from IIOReadWarningListener on JPEGImageReader o S8035834:
InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
*
Bug fixes
o PR1393: JPEG support in build is broken on non-system-libjpeg
builds o PR1726: configure fails looking for ecj.jar before even trying to
find javac o Red Hat local: Fix for repo with path statting with / . o
Remove unused hgforest script
Security Issue references:
* CVE-2014-2412
* CVE-2014-2414
* CVE-2014-0458
* CVE-2014-2427
* CVE-2014-2423
* CVE-2014-2402
* CVE-2014-2398
* CVE-2014-0451
* CVE-2014-0452
* CVE-2014-0453
* CVE-2014-0429
* CVE-2014-2403
* CVE-2014-0446
* CVE-2014-0454
* CVE-2013-6629
* CVE-2014-0455
* CVE-2014-2421
* CVE-2014-0456
* CVE-2014-0460
* CVE-2014-0459
* CVE-2013-6954
* CVE-2014-0457
* CVE-2014-2413
* CVE-2014-1876
* CVE-2014-2397
* CVE-2014-0461
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-java-1_7_0-openjdk-9209
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- java-1_7_0-openjdk-1.7.0.6-0.27.1
- java-1_7_0-openjdk-demo-1.7.0.6-0.27.1
- java-1_7_0-openjdk-devel-1.7.0.6-0.27.1
References:
- http://support.novell.com/security/cve/CVE-2013-6629.html
- http://support.novell.com/security/cve/CVE-2013-6954.html
- http://support.novell.com/security/cve/CVE-2014-0429.html
- http://support.novell.com/security/cve/CVE-2014-0446.html
- http://support.novell.com/security/cve/CVE-2014-0451.html
- http://support.novell.com/security/cve/CVE-2014-0452.html
- http://support.novell.com/security/cve/CVE-2014-0453.html
- http://support.novell.com/security/cve/CVE-2014-0454.html
- http://support.novell.com/security/cve/CVE-2014-0455.html
- http://support.novell.com/security/cve/CVE-2014-0456.html
- http://support.novell.com/security/cve/CVE-2014-0457.html
- http://support.novell.com/security/cve/CVE-2014-0458.html
- http://support.novell.com/security/cve/CVE-2014-0459.html
- http://support.novell.com/security/cve/CVE-2014-0460.html
- http://support.novell.com/security/cve/CVE-2014-0461.html
- http://support.novell.com/security/cve/CVE-2014-1876.html
- http://support.novell.com/security/cve/CVE-2014-2397.html
- http://support.novell.com/security/cve/CVE-2014-2398.html
- http://support.novell.com/security/cve/CVE-2014-2402.html
- http://support.novell.com/security/cve/CVE-2014-2403.html
- http://support.novell.com/security/cve/CVE-2014-2412.html
- http://support.novell.com/security/cve/CVE-2014-2413.html
- http://support.novell.com/security/cve/CVE-2014-2414.html
- http://support.novell.com/security/cve/CVE-2014-2421.html
- http://support.novell.com/security/cve/CVE-2014-2423.html
- http://support.novell.com/security/cve/CVE-2014-2427.html
- https://bugzilla.novell.com/873873
- http://download.suse.com/patch/finder/?keywords=9e107d0028325fe6789728abca9fee1d