| Description: | Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2016:2012-1 advisory.
Vulnerability Insight:
This update for java-1_8_0-openjdk fixes the following issues:
- Upgrade to version jdk8u101 (icedtea 3.1.0)
- New in release 3.1.0 (2016-07-25):
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8146514: Enforce GCM limits
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149070: Enforce update ordering
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8153312: Constrain AppCDS behavior
- S8154475, CVE-2016-3587: Clean up lookup visibility
(bsc#989721)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3552 (bsc#989726)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729)
* New features
- S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3
on Linux
- PR2821: Support building OpenJDK with --disable-headful
- PR2931, G478960: Provide Infinality Support via fontconfig
- PR3079: Provide option to build Shenandoah on x86_64
* Import of OpenJDK 8 u92 build 14
- S6869327: Add new C2 flag to keep safepoints in counted
loops.
- S8022865: [TESTBUG] Compressed Oops testing needs to be
revised
- S8029630: Thread id should be displayed as a hex number in
error report
- S8029726: On OS X some dtrace probe names are mismatched with
Solaris
- S8029727: On OS X dtrace probes
CallMethodA/CallMethodV are not fired.
- S8029728: On OS X dtrace probes SetStaticBooleanField are not
fired
- S8038184: XMLSignature throws StringIndexOutOfBoundsException
if ID attribute value is empty String
- S8038349: Signing XML with DSA throws Exception when key is
larger than 1024 bits
- S8041501: ImageIO reader is not capable of reading JPEGs
without JFIF header
- S8041900: [macosx] Java forces the use of discrete GPU
- S8044363: Remove special build options for unpack200 executable
- S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value
for hotspot ARCH
- S8046611: Build errors with gcc on sparc/fastdebug
- S8047763: Recognize sparc64 as a sparc platform
- S8048232: Fix for 8046471 breaks PPC64 build
- S8052396: Catch exceptions resulting from missing font cmap
- S8058563: InstanceKlass::_dependencies list isn't cleared from
empty nmethodBucket entries
- S8061624: [TESTBUG] Some tests cannot be ran under compact
profiles and therefore shall be excluded
- S8062901: Iterators is spelled incorrectly in the Javadoc for
Spliterator
- S8064330: ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'java-1_8_0-openjdk' package(s) on SUSE Linux Enterprise Desktop 12-SP1, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server for SAP Applications 12-SP1.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
