{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-demo":"1.7.0.141-42.1","java-1_7_0-openjdk-devel":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-demo":"1.7.0.141-42.1","java-1_7_0-openjdk-devel":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-demo":"1.7.0.141-42.1","java-1_7_0-openjdk-devel":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-demo":"1.7.0.141-42.1","java-1_7_0-openjdk-devel":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.141-42.1","java-1_7_0-openjdk-demo":"1.7.0.141-42.1","java-1_7_0-openjdk-devel":"1.7.0.141-42.1","java-1_7_0-openjdk-headless":"1.7.0.141-42.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.141-42.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for java-1_7_0-openjdk fixes the following issues:\n\n- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)\n* Security fixes\n - S8163520, CVE-2017-3509: Reuse cache entries\n - S8163528, CVE-2017-3511: Better library loading\n - S8165626, CVE-2017-3512: Improved window framing\n - S8167110, CVE-2017-3514: Windows peering issue\n - S8169011, CVE-2017-3526: Resizing XML parse trees\n - S8170222, CVE-2017-3533: Better transfers of files\n - S8171121, CVE-2017-3539: Enhancing jar checking\n - S8171533, CVE-2017-3544: Better email transfer\n - S8172299: Improve class processing\n * New features\n - PR3347: jstack.stp should support AArch64\n * Import of OpenJDK 7 u141 build 0\n - S4717864: setFont() does not update Fonts of Menus already on\n screen\n - S6474807: (smartcardio) CardTerminal.connect() throws\n CardException instead of CardNotPresentException\n - S6518907: cleanup IA64 specific code in Hotspot\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n - S7112912: Message 'Error occurred during initialization of\n VM' on boxes with lots of RAM\n - S7124213: [macosx] pack() does ignore size of a component;\n doesn't on the other platforms\n - S7124219: [macosx] Unable to draw images to fullscreen\n - S7124552: [macosx] NullPointerException in getBufferStrategy()\n - S7148275: [macosx] setIconImages() not working correctly\n (distorted icon when minimized)\n - S7154841: [macosx] Popups appear behind taskbar\n - S7155957:\n closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java\n hangs on win 64 bit with jdk8\n - S7160627: [macosx] TextArea has wrong initial size\n - S7167293: FtpURLConnection connection leak on\n FileNotFoundException\n - S7168851: [macosx] Netbeans crashes in\n CImage.nativeCreateNSImageFromArray\n - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed,\n compile error\n - S8005255: [macosx] Cleanup warnings in sun.lwawt\n - S8006088: Incompatible heap size flags accepted by VM\n - S8007295: Reduce number of warnings in awt classes\n - S8010722: assert: failed: heap size is too big for compressed\n oops\n - S8011059: [macosx] Support automatic @2x images loading on\n Mac OS X\n - S8014058: Regression tests for 8006088\n - S8014489:\n tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags\n jtreg tests invoke wrong class\n - S8016302: Change type of the number of GC workers to unsigned\n int (2)\n - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does\n not compile.\n - S8024669: Native OOME when allocating after changes to\n maximum heap supporting Coops sizing on sparcv9\n - S8024926: [macosx] AquaIcon HiDPI support\n - S8025974: l10n for policytool\n - S8027025: [macosx] getLocationOnScreen returns 0 if parent\n invisible\n - S8028212: Custom cursor HiDPI support\n - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck\n optimization.\n - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't\n rendered in high resolution on Retina\n - S8033534: [macosx] Get MultiResolution image from native\n system\n - S8033786: White flashing when opening Dialogs and Menus using\n Nimbus with dark background\n - S8035568: [macosx] Cursor management unification\n - S8041734: JFrame in full screen mode leaves empty workspace\n after close\n - S8059803: Update use of GetVersionEx to get correct Windows\n version in hs_err files\n - S8066504: GetVersionEx in\n java.base/windows/native/libjava/java_props_md.c might not\n get correct Windows version 0\n - S8079595: Resizing dialog which is JWindow parent makes JVM\n crash\n - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump\n to parent frame on focus\n - S8130769: The new menu can't be shown on the menubar after\n clicking the 'Add' button.\n - S8133357: 8u65 l10n resource file translation update\n - S8146602:\n jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test\n fails with NullPointerException\n - S8147842: IME Composition Window is displayed at incorrect\n location\n - S8147910: Cache initial active_processor_count\n - S8150490: Update OS detection code to recognize Windows\n Server 2016\n - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is\n enabled\n - S8161195: Regression:\n closed/javax/swing/text/FlowView/LayoutTest.java\n - S8161993: G1 crashes if active_processor_count changes during\n startup\n - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'\n - S8162876: [TEST_BUG]\n sun/net/www/protocol/http/HttpInputStream.java fails\n intermittently\n - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java\n failed with 'Error while cleaning up threads after test'\n - S8167179: Make XSL generated namespace prefixes local to\n transformation process\n - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections\n - S8169589: [macosx] Activating a JDialog puts to back another\n dialog\n - S8170307: Stack size option -Xss is ignored\n - S8170316: (tz) Support tzdata2016j\n - S8170814: Reuse cache entries (part II)\n - S8171388: Update JNDI Thread contexts\n - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with\n error: The bitwise mask Frame.ICONIFIED is not setwhen the\n frame is in ICONIFIED state\n - S8171952: [macosx]\n AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog\n test fails as DummyButton on Dialog did not gain focus when\n clicked.\n - S8173931: 8u131 L10n resource file update\n - S8174844: Incorrect GPL header causes RE script to miss swap\n to commercial header for licensee source bundle\n - S8175087: [bsd] Fix build after '8024900: PPC64: Enable new\n build on AIX (jdk part)'\n - S8175163: [bsd] Fix build after '8005629: javac warnings\n compiling java.awt.EventDispatchThread...'\n - S8176044: (tz) Support tzdata2017a\n * Import of OpenJDK 7 u141 build 1\n - S8043723: max_heap_for_compressed_oops() declared with\n size_t, but defined with uintx\n * Import of OpenJDK 7 u141 build 2\n - S8011123: serialVersionUID of\n java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82\n * Backports\n - S6515172, PR3362: Runtime.availableProcessors() ignores Linux\n taskset command\n - S8022284, PR3209: Hide internal data structure in PhaseCFG\n - S8023003, PR3209: Cleanup the public interface to PhaseCFG\n - S8023691, PR3209: Create interface for nodes in class Block\n - S8023988, PR3209: Move local scheduling of nodes to the CFG\n creation and code motion phase (PhaseCFG)\n - S8043780, PR3369: Use open(O_CLOEXEC) instead of\n fcntl(FD_CLOEXEC)\n - S8157306, PR3209: Random infrequent null pointer exceptions\n in javac\n - S8173783, PR3329: IllegalArgumentException:\n jdk.tls.namedGroups\n - S8173941, PR3330: SA does not work if executable is DSO\n - S8174729, PR3361: Race Condition in\n java.lang.reflect.WeakCache\n * Bug fixes\n - PR3349: Architectures unsupported by SystemTap tapsets throw\n a parse error\n - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh\n - PR3379: Perl should be mandatory\n - PR3390: javac.in and javah.in should use @PERL@ rather than a\n hardcoded path\n * CACAO\n - PR2732: Raise javadoc memory limits for CACAO again!\n * AArch64 port\n - S8177661, PR3367: Correct ad rule output register types from\n iRegX to iRegXNoSp\n\n- Get ecj.jar path from gcj, use the gcc variant that provides Java\n to build C code to make sure jni.h is available.\n\n - S8167104, CVE-2017-3289: Additional class construction\n - S6253144: Long narrowing conversion should describe the\n - S6328537: Improve javadocs for Socket class by adding\n - S6978886: javadoc shows stacktrace after print error\n - S6995421: Eliminate the static dependency to\n - S7027045: (doc) java/awt/Window.java has several typos in\n - S7054969: Null-check-in-finally pattern in java/security\n - S7072353: JNDI libraries do not build with javac -Xlint:all\n - S7092447: Clarify the default locale used in each locale\n - S7103570: AtomicIntegerFieldUpdater does not work when\n - S7187144: JavaDoc for ScriptEngineFactory.getProgram()\n - S8000418: javadoc should used a standard 'generated by\n - S8000666: javadoc should write directly to Writer instead of\n - S8000970: break out auxiliary classes that will prevent\n - S8001669: javadoc internal DocletAbortException should set\n - S8011402: Move blacklisting certificate logic from hard code\n - S8011547: Update XML Signature implementation to Apache\n - S8012288: XML DSig API allows wrong tag names and extra\n - S8017325: Cleanup of the javadoc tag in\n - S8017326: Cleanup of the javadoc tag in\n - S8019772: Fix doclint issues in javax.crypto and\n - S8020688: Broken links in documentation at\n - S8021108: Clean up doclint warnings and errors in java.text\n - S8022120: JCK test\n api/javax_xml/crypto/dsig/TransformService/index_ParamMethods\n - S8025409: Fix javadoc comments errors and warning reported by\n - S8026021: more fix of javadoc errors and warnings reported by\n - S8037099: [macosx] Remove all references to GC from native\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException\n - S8038349: Signing XML with DSA throws Exception when key is\n - S8049244: XML Signature performance issue caused by\n - S8050893: (smartcardio) Invert reset argument in tests in\n - S8059212: Modify sun/security/smartcardio manual regression\n - S8068279: (typo in the spec)\n - S8068491: Update the protocol for references of\n - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs\n - S8076369: Introduce the jdk.tls.client.protocols system\n - S8139565: Restrict certificates with DSA keys less than 1024\n - S8140422: Add mechanism to allow non default root CAs to be\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance\n - S8149029: Secure validation of XML based digital signature\n - S8151893: Add security property to configure XML Signature\n - S8161228: URL objects with custom protocol handlers have port\n - S8163304: jarsigner -verbose -verify should print the\n - S8164908: ReflectionFactory support for IIOP and custom\n - S8165230: RMIConnection addNotificationListeners failing with\n - S8166393: disabledAlgorithms property should not be strictly\n - S8166591: [macos 10.12] Trackpad scrolling of text on OS X\n - S8166739: Improve extensibility of ObjectInputFilter\n - S8167356: Follow up fix for jdk8 backport of 8164143. Changes\n - S8167459: Add debug output for indicating if a chosen\n - S8168861: AnchorCertificates uses hardcoded password for\n - S8169688: Backout (remove) MD5 from\n - S8169911: Enhanced tests for jarsigner -verbose -verify after\n - S8170131: Certificates not being blocked by\n - S8173854: [TEST] Update DHEKeySizing test case following\n - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on\n - S8000351, PR3316, RH1390708: Tenuring threshold should be\n - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak:\n - S8170888, PR3316, RH1390708: [linux] Experimental support for\n - PR3318: Replace 'infinality' with 'improved font rendering'\n - PR3324: Fix NSS_LIBDIR substitution in\n - S8165673, PR3320: AArch64: Fix JNI floating point argument\n + S6604109, PR3162:\n- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to\n directory to be specified\n versions of IcedTea\n","id":"SUSE-SU-2017:1400-1","modified":"2017-05-24T14:23:03Z","published":"2017-05-24T14:23:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171400-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3289"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3509"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3512"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3514"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3526"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3544"}],"related":["CVE-2017-3289","CVE-2017-3509","CVE-2017-3511","CVE-2017-3512","CVE-2017-3514","CVE-2017-3526","CVE-2017-3533","CVE-2017-3539","CVE-2017-3544"],"summary":"Security update for java-1_7_0-openjdk","upstream":["CVE-2017-3289","CVE-2017-3509","CVE-2017-3511","CVE-2017-3512","CVE-2017-3514","CVE-2017-3526","CVE-2017-3533","CVE-2017-3539","CVE-2017-3544"]}