[security-announce] openSUSE-SU-2016:2058-1: important: Security update for OpenJDK7

[news 28]

openSUSE Security Update: Security update for OpenJDK7

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:2058-1

Rating: important

References: #988651 #989722 #989723 #989725 #989727 #989728

#989729 #989730 #989731 #989732 #989733 #989734

 

Cross-References: CVE-2016-3458 CVE-2016-3485 CVE-2016-3498

CVE-2016-3500 CVE-2016-3503 CVE-2016-3508

CVE-2016-3511 CVE-2016-3550 CVE-2016-3598

CVE-2016-3606 CVE-2016-3610

Affected Products:

openSUSE 13.1

______________________________________________________________________________

 

An update that solves 11 vulnerabilities and has one errata

is now available.

 

Description:

 

Update to 2.6.7 - OpenJDK 7u111

* Security fixes

- S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)

- S8145446, CVE-2016-3485: Perfect pipe placement (Windows

only) (bsc#989734)

- S8147771: Construction of static protection domains under Javax

custom policy

- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)

- S8149962, CVE-2016-3508: Better delineation of XML processing

(bsc#989731)

- S8150752: Share Class Data

- S8151925: Font reference improvements

- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)

- S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)

- S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)

- S8158571, CVE-2016-3610: Additional method handle validation

(bsc#989725)

- CVE-2016-3511 (bsc#989727)

- CVE-2016-3503 (bsc#989728)

- CVE-2016-3498 (bsc#989729)

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 13.1:

 

zypper in -t patch 2016-982=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 13.1 (i586 x86_64):

 

java-1_7_0-openjdk-1.7.0.111-24.39.1

java-1_7_0-openjdk-accessibility-1.7.0.111-24.39.1

java-1_7_0-openjdk-debuginfo-1.7.0.111-24.39.1

java-1_7_0-openjdk-debugsource-1.7.0.111-24.39.1

java-1_7_0-openjdk-demo-1.7.0.111-24.39.1

java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-24.39.1

java-1_7_0-openjdk-devel-1.7.0.111-24.39.1

java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-24.39.1

java-1_7_0-openjdk-headless-1.7.0.111-24.39.1

java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-24.39.1

java-1_7_0-openjdk-src-1.7.0.111-24.39.1

 

- openSUSE 13.1 (noarch):

 

java-1_7_0-openjdk-javadoc-1.7.0.111-24.39.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2016-3458.html

https://www.suse.com/security/cve/CVE-2016-3485.html

https://www.suse.com/security/cve/CVE-2016-3498.html

https://www.suse.com/security/cve/CVE-2016-3500.html

https://www.suse.com/security/cve/CVE-2016-3503.html

https://www.suse.com/security/cve/CVE-2016-3508.html

https://www.suse.com/security/cve/CVE-2016-3511.html

https://www.suse.com/security/cve/CVE-2016-3550.html

https://www.suse.com/security/cve/CVE-2016-3598.html

https://www.suse.com/security/cve/CVE-2016-3606.html

https://www.suse.com/security/cve/CVE-2016-3610.html

https://bugzilla.suse.com/988651

https://bugzilla.suse.com/989722

https://bugzilla.suse.com/989723

https://bugzilla.suse.com/989725

https://bugzilla.suse.com/989727

https://bugzilla.suse.com/989728

https://bugzilla.suse.com/989729

https://bugzilla.suse.com/989730

https://bugzilla.suse.com/989731

https://bugzilla.suse.com/989732

https://bugzilla.suse.com/989733

https://bugzilla.suse.com/989734

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org