SUSE Security Update: Security update for OpenJDK
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0639-1
Rating:             important
References:         #873873 
Cross-References:   CVE-2013-6629 CVE-2013-6954 CVE-2014-0429
                    CVE-2014-0446 CVE-2014-0451 CVE-2014-0452
                    CVE-2014-0453 CVE-2014-0454 CVE-2014-0455
                    CVE-2014-0456 CVE-2014-0457 CVE-2014-0458
                    CVE-2014-0459 CVE-2014-0460 CVE-2014-0461
                    CVE-2014-1876 CVE-2014-2397 CVE-2014-2398
                    CVE-2014-2402 CVE-2014-2403 CVE-2014-2412
                    CVE-2014-2413 CVE-2014-2414 CVE-2014-2421
                    CVE-2014-2423 CVE-2014-2427
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 26 vulnerabilities is now available.

Description:


   This java-1_7_0-openjdk update to version 2.4.7 fixes the following
   security and non-security issues:

   *

   Security fixes

   o S8023046: Enhance splashscreen support o S8025005: Enhance
   CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o
   S8025030, CVE-2014-2414: Enhance stream handling o S8025152,
   CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar
   verification o S8026163, CVE-2014-2427: Enhance media provisioning o
   S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance
   RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous
   channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o
   S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452:
   Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA
   processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429:
   Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282,
   CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject
   delegation o S8029699: Update Poller demo o S8029730: Improve audio device
   additions o S8029735: Enhance service mgmt natives o S8029740,
   CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454:
   Enhance algorithm checking o S8029750: Enhance LCMS color processing
   (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries
   (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o
   S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456:
   Enhance array copies o S8030731, CVE-2014-0460: Improve name service
   robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459:
   Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance
   PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix
   exception handling in ServiceLoader o S8031395: Enhance LDAP processing o
   S8032686, CVE-2014-2413: Issues with method invoke o S8033618,
   CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute
   classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances
   *

   Backports

   o S8004145: New improved hgforest.sh, ctrl-c now properly
   terminates mercurial processes. o S8007625: race with nested repos in
   /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python
   detection (MacOS) o S8011342: hgforest.sh : 'python --version' not
   supported on older python o S8011350: hgforest.sh uses non-POSIX sh
   features that may fail with some shells o S8024200: handle hg wrapper with
   space after #! o S8025796: hgforest.sh could trigger unbuffered output
   from hg without complicated machinations o S8028388: 9 jaxws tests failed
   in nightly build with java.lang.ClassCastException o S8031477: [macosx]
   Loading AWT native library fails o S8032370: No "Truncated file" warning
   from IIOReadWarningListener on JPEGImageReader o S8035834:
   InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
   *

   Bug fixes

   o PR1393: JPEG support in build is broken on non-system-libjpeg
   builds o PR1726: configure fails looking for ecj.jar before even trying to
   find javac o Red Hat local: Fix for repo with path statting with / . o
   Remove unused hgforest script

   Security Issue references:

   * CVE-2014-2412
   
   * CVE-2014-2414
   
   * CVE-2014-0458
   
   * CVE-2014-2427
   
   * CVE-2014-2423
   
   * CVE-2014-2402
   
   * CVE-2014-2398
   
   * CVE-2014-0451
   
   * CVE-2014-0452
   
   * CVE-2014-0453
   
   * CVE-2014-0429
   
   * CVE-2014-2403
   
   * CVE-2014-0446
   
   * CVE-2014-0454
   
   * CVE-2013-6629
   
   * CVE-2014-0455
   
   * CVE-2014-2421
   
   * CVE-2014-0456
   
   * CVE-2014-0460
   
   * CVE-2014-0459
   
   * CVE-2013-6954
   
   * CVE-2014-0457
   
   * CVE-2014-2413
   
   * CVE-2014-1876
   
   * CVE-2014-2397
   
   * CVE-2014-0461
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-java-1_7_0-openjdk-9209

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      java-1_7_0-openjdk-1.7.0.6-0.27.1
      java-1_7_0-openjdk-demo-1.7.0.6-0.27.1
      java-1_7_0-openjdk-devel-1.7.0.6-0.27.1


References:

   https://www.suse.com/security/cve/CVE-2013-6629.html
   https://www.suse.com/security/cve/CVE-2013-6954.html
   https://www.suse.com/security/cve/CVE-2014-0429.html
   https://www.suse.com/security/cve/CVE-2014-0446.html
   https://www.suse.com/security/cve/CVE-2014-0451.html
   https://www.suse.com/security/cve/CVE-2014-0452.html
   https://www.suse.com/security/cve/CVE-2014-0453.html
   https://www.suse.com/security/cve/CVE-2014-0454.html
   https://www.suse.com/security/cve/CVE-2014-0455.html
   https://www.suse.com/security/cve/CVE-2014-0456.html
   https://www.suse.com/security/cve/CVE-2014-0457.html
   https://www.suse.com/security/cve/CVE-2014-0458.html
   https://www.suse.com/security/cve/CVE-2014-0459.html
   https://www.suse.com/security/cve/CVE-2014-0460.html
   https://www.suse.com/security/cve/CVE-2014-0461.html
   https://www.suse.com/security/cve/CVE-2014-1876.html
   https://www.suse.com/security/cve/CVE-2014-2397.html
   https://www.suse.com/security/cve/CVE-2014-2398.html
   https://www.suse.com/security/cve/CVE-2014-2402.html
   https://www.suse.com/security/cve/CVE-2014-2403.html
   https://www.suse.com/security/cve/CVE-2014-2412.html
   https://www.suse.com/security/cve/CVE-2014-2413.html
   https://www.suse.com/security/cve/CVE-2014-2414.html
   https://www.suse.com/security/cve/CVE-2014-2421.html
   https://www.suse.com/security/cve/CVE-2014-2423.html
   https://www.suse.com/security/cve/CVE-2014-2427.html
   https://bugzilla.novell.com/873873
   https://scc.suse.com:443/patches/

SuSE: 2014:0639-1: important: OpenJDK

May 14, 2014
An update that fixes 26 vulnerabilities is now available

Summary

This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, ...

Read the Full Advisory

References

#873873

Cross- CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

CVE-2014-0446 CVE-2014-0451 CVE-2014-0452

CVE-2014-0453 CVE-2014-0454 CVE-2014-0455

CVE-2014-0456 CVE-2014-0457 CVE-2014-0458

CVE-2014-0459 CVE-2014-0460 CVE-2014-0461

CVE-2014-1876 CVE-2014-2397 CVE-2014-2398

CVE-2014-2402 CVE-2014-2403 CVE-2014-2412

CVE-2014-2413 CVE-2014-2414 CVE-2014-2421

CVE-2014-2423 CVE-2014-2427

Affected Products:

SUSE Linux Enterprise Desktop 11 SP3

https://www.suse.com/security/cve/CVE-2013-6629.html

https://www.suse.com/security/cve/CVE-2013-6954.html

https://www.suse.com/security/cve/CVE-2014-0429.html

https://www.suse.com/security/cve/CVE-2014-0446.html

https://www.suse.com/security/cve/CVE-2014-0451.html

https://www.suse.com/security/cve/CVE-2014-0452.html

https://www.suse.com/security/cve/CVE-2014-0453.html

...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2014:0639-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved