openSUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3235-1
Rating:             moderate
References:         #1111162 #1112142 #1112143 #1112144 #1112145 
                    #1112146 #1112147 #1112148 #1112149 
Cross-References:   CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                    CVE-2018-3150 CVE-2018-3157 CVE-2018-3169
                    CVE-2018-3180 CVE-2018-3183
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has one errata
   is now available.

Description:

   This update for java-11-openjdk fixes the following issues:

   Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)

   Security fixes:

   - S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support
   - S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses
   - S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups
   - S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability
   - S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability
     again
   - S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks
   - S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound
   - S8194534, CVE-2018-3136, bsc#1112142: Manifest better support
   - S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs
     updates
   - S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

   Security-In-Depth fixes:

   - S8194546: Choosier FileManagers
   - S8195874: Improve jar specification adherence
   - S8196897: Improve PRNG support
   - S8197881: Better StringBuilder support
   - S8201756: Improve cipher inputs
   - S8203654: Improve cypher state updates
   - S8204497: Better formatting of decimals
   - S8200666: Improve LDAP support
   - S8199110: Address Internet Addresses

   Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

   - S8207317: SSLEngine negotiation fail exception behavior changed from
     fail-fast to fail-lazy
   - S8207838: AArch64: Float registers incorrectly restored in JNI call
   - S8209637: [s390x] Interpreter doesn't call result handler after native
     calls
   - S8209670: CompilerThread releasing code buffer in destructor is unsafe
   - S8209735: Disable avx512 by default
   - S8209806: API docs should be updated to refer to javase11
   - Report version without the "-internal" postfix

   - Don't build against gdk making the accessibility depend on a particular
     version of gtk.

   Update to upstream tag jdk-11+27

   - S8031761: [TESTBUG] Add a regression test for JDK-8026328
   - S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with
     "unexpected values of outer fields of the class" when running with -Xcomp
   - S8164639: Configure PKCS11 tests to use user-supplied NSS libraries
   - S8189667: Desktop#moveToTrash expects incorrect "<>"
     FilePermission
   - S8194949: [Graal] gc/TestNUMAPageSize.java fail with OOM in
     -Xcomp
   - S8195156: [Graal] serviceability/jvmti/GetModulesInfo/
     /JvmtiGetAllModulesTest.java fails with Graal in Xcomp mode
   - S8199081: [Testbug] compiler/linkage/LinkageErrors.java fails if run
     twice
   - S8201394: Update java.se module summary to reflect removal of java.se.ee
     module
   - S8204931: Colors with alpha are painted incorrectly on Linux
   - S8204966: [TESTBUG] hotspot/test/compiler/whitebox/
     /IsMethodCompilableTest.java test fails with
     -XX:CompileThreshold=1
   - S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic
     runtime behavior
   - S8205687: TimeoutHandler generates huge core files
   - S8206176: Remove the temporary tls13VN field
   - S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not
     found
   - S8206965: java/util/TimeZone/Bug8149452.java failed on de_DE and ja_JP
     locale.
   - S8207009: TLS 1.3 half-close and synchronization issues
   - S8207046: arm32 vm crash: C1 arm32 platform functions parameters type
     mismatch
   - S8207139: NMT is not enabled on Windows 2016/10
   - S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
   - S8207355: C1 compilation hangs in
     ComputeLinearScanOrder::compute_dominator
   - S8207746: C2: Lucene crashes on AVX512 instruction
   - S8207765: HeapMonitorTest.java intermittent failure
   - S8207944: java.lang.ClassFormatError: Extra bytes at the end
     of class file test" possibly violation of JVMS 4.7.1
   - S8207948: JDK 11 L10n resource file update msg drop 10
   - S8207966: HttpClient response without content-length does not return body
   - S8208125: Cannot input text into JOptionPane Text Input Dialog
   - S8208164: (str) improve specification of String::lines
   - S8208166: Still unable to use custom SSLEngine with default
     TrustManagerFactory after JDK-8207029
   - S8208189: ProblemList compiler/graalunit/JttThreadsTest.java
   - S8208205: ProblemList tests that fail due to 'Error attaching to
     process: Can't create thread_db agent!'
   - S8208226: ProblemList com/sun/jdi/BasicJDWPConnectionTest.java
   - S8208251: serviceability/jvmti/HeapMonitor/MyPackage/
     /HeapMonitorGCCMSTest.java fails intermittently on Linux-X64
   - S8208305: ProblemList compiler/jvmci/compilerToVM/GetFlagValueTest.java
   - S8208347: ProblemList
     compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.java
   - S8208353: Upgrade JDK 11 to libpng 1.6.35
   - S8208358: update bug ids mentioned in tests
   - S8208370: fix typo in ReservedStack tests' @requires
   - S8208391: Differentiate response and connect timeouts in HTTP Client API
   - S8208466: Fix potential memory leak in harfbuzz shaping.
   - S8208496: New Test to verify concurrent behavior of TLS.
   - S8208521: ProblemList more tests that fail due to 'Error attaching to
     process: Can't create thread_db agent!'
   - S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in
     Radio group using keyboard.
   - S8208663: JDK 11 L10n resource file update msg drop 20
   - S8208676: Missing NULL check and resource leak in
     NetworkPerformanceInterface::NetworkPerformance::network_utilization
   - S8208691: Tighten up jdk.includeInExceptions security property
   - S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/
     /TestNssDbSqlite.java fails in aarch64 platforms
   - S8209029: ProblemList tests that fail due to 'Error attaching to
     process: Can't create thread_db agent!' in jdk-11+25 testing
   - S8209149: [TESTBUG] runtime/RedefineTests/ /RedefineRunningMethods.java
     needs a longer timeout
   - S8209451: Please change jdk 11 milestone to FCS
   - S8209452: VerifyCACerts.java failed with "At least one cacert test
     failed"
   - S8209506: Add Google Trust Services GlobalSign root certificates
   - S8209537: Two security tests failed after JDK-8164639 due to dependency
     was missed

   This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2018-1205=1



Package List:

   - openSUSE Leap 15.0 (x86_64):

      java-11-openjdk-11.0.1.0-lp150.2.6.1
      java-11-openjdk-accessibility-11.0.1.0-lp150.2.6.1
      java-11-openjdk-accessibility-debuginfo-11.0.1.0-lp150.2.6.1
      java-11-openjdk-debuginfo-11.0.1.0-lp150.2.6.1
      java-11-openjdk-debugsource-11.0.1.0-lp150.2.6.1
      java-11-openjdk-demo-11.0.1.0-lp150.2.6.1
      java-11-openjdk-devel-11.0.1.0-lp150.2.6.1
      java-11-openjdk-headless-11.0.1.0-lp150.2.6.1
      java-11-openjdk-jmods-11.0.1.0-lp150.2.6.1
      java-11-openjdk-src-11.0.1.0-lp150.2.6.1

   - openSUSE Leap 15.0 (noarch):

      java-11-openjdk-javadoc-11.0.1.0-lp150.2.6.1


References:

   https://www.suse.com/security/cve/CVE-2018-3136.html
   https://www.suse.com/security/cve/CVE-2018-3139.html
   https://www.suse.com/security/cve/CVE-2018-3149.html
   https://www.suse.com/security/cve/CVE-2018-3150.html
   https://www.suse.com/security/cve/CVE-2018-3157.html
   https://www.suse.com/security/cve/CVE-2018-3169.html
   https://www.suse.com/security/cve/CVE-2018-3180.html
   https://www.suse.com/security/cve/CVE-2018-3183.html
   https://bugzilla.suse.com/1111162
   https://bugzilla.suse.com/1112142
   https://bugzilla.suse.com/1112143
   https://bugzilla.suse.com/1112144
   https://bugzilla.suse.com/1112145
   https://bugzilla.suse.com/1112146
   https://bugzilla.suse.com/1112147
   https://bugzilla.suse.com/1112148
   https://bugzilla.suse.com/1112149

-- 

openSUSE: 2018:3235-1: moderate: java-11-openjdk

October 19, 2018