{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-demo":"1.7.0.121-36.2","java-1_7_0-openjdk-devel":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-demo":"1.7.0.121-36.2","java-1_7_0-openjdk-devel":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-demo":"1.7.0.121-36.2","java-1_7_0-openjdk-devel":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-demo":"1.7.0.121-36.2","java-1_7_0-openjdk-devel":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.121-36.2","java-1_7_0-openjdk-demo":"1.7.0.121-36.2","java-1_7_0-openjdk-devel":"1.7.0.121-36.2","java-1_7_0-openjdk-headless":"1.7.0.121-36.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.121-36.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for java-1_7_0-openjdk fixes the following issues:\n\n- Update to 2.6.8 - OpenJDK 7u121\n  * Security fixes\n    + S8151921: Improved page resolution\n    + S8155968: Update command line options\n    + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522)\n    + S8157176: Improved classfile parsing\n    + S8157739, CVE-2016-5554: Classloader Consistency Checking\n      (bsc#1005523)\n    + S8157749: Improve handling of DNS error replies\n    + S8157753: Audio replay enhancement\n    + S8157759: LCMS Transform Sampling Enhancement\n    + S8157764: Better handling of interpolation plugins\n    + S8158302: Handle contextual glyph substitutions\n    + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525)\n    + S8159495: Fix index offsets\n    + S8159503: Amend Annotation Actions\n    + S8159511: Stack map validation\n    + S8159515: Improve indy validation\n    + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526)\n    + S8160090: Better signature handling in pack200\n    + S8160094: Improve pack200 layout\n    + S8160098: Clean up color profiles\n    + S8160591, CVE-2016-5582: Improve internal array handling\n      (bsc#1005527)\n    + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528)\n    + PR3207, RH1367357: lcms2: Out-of-bounds read in\n      Type_MLU_Read()\n    + CVE-2016-5556 (bsc#1005524)\n  * Import of OpenJDK 7 u121 build 0\n    + S6624200: Regression test fails:\n      test/closed/javax/swing/JMenuItem/4654927/bug4654927.java\n    + S6882559: new JEditorPane('text/plain','') fails for null\n      context class loader\n    + S7090158: Networking Libraries don't build with javac -Werror\n    + S7125055: ContentHandler.getContent API changed in error\n    + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on\n      windows\n    + S7187051: ShortRSAKeynnn.sh tests should do cleanup before\n      start test\n    + S8000626: Implement dead key detection for KeyEvent on Linux\n    + S8003890: corelibs test scripts should pass TESTVMOPTS\n    + S8005629: javac warnings compiling\n      java.awt.EventDispatchThread and sun.awt.X11.XIconWindow\n    + S8010297: Missing isLoggable() checks in logging code\n    + S8010782: clean up source files containing carriage return\n      characters\n    + S8014431: cleanup warnings indicated by the -Wunused-value\n      compiler option on linux\n    + S8015265: revise the fix for 8007037\n    + S8016747: Replace deprecated PlatformLogger isLoggable(int)\n      with isLoggable(Level)\n    + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame\n      demo\n    + S8024756: method grouping tabs are not selectable\n    + S8026741: jdk8 l10n resource file translation update 5\n    + S8048147: Privilege tests with JAAS Subject.doAs\n    + S8048357: PKCS basic tests\n    + S8049171: Additional tests for jarsigner's warnings\n    + S8059177: jdk8u40 l10n resource file translation update 1\n    + S8075584: test for 8067364 depends on hardwired text advance\n    + S8076486: [TESTBUG]\n      javax/security/auth/Subject/doAs/NestedActions.java fails if\n      extra VM options are given\n    + S8077953: [TEST_BUG]\n      com/sun/management/OperatingSystemMXBean/TestTotalSwap.java\n      Compilation failed after JDK-8077387\n    + S8080628: No mnemonics on Open and Save buttons in\n      JFileChooser\n    + S8083601: jdk8u60 l10n resource file translation update 2\n    + S8140530: Creating a VolatileImage with size 0,0 results in\n      no longer working g2d.drawString\n    + S8142926: OutputAnalyzer's shouldXXX() calls return this\n    + S8143134: L10n resource file translation update\n    + S8147077: IllegalArgumentException thrown by\n      api/java_awt/Component/FlipBufferStrategy/indexTGF_General\n    + S8148127: IllegalArgumentException thrown by JCK test\n      api/java_awt/Component/FlipBufferStrategy/indexTGF_General in\n      opengl pipeline\n    + S8150611: Security problem on sun.misc.resources.Messages*\n    + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp\n    + S8158734: JEditorPane.createEditorKitForContentType throws\n      NPE after 6882559\n    + S8159684: (tz) Support tzdata2016f\n    + S8160934: isnan() is not available on older MSVC compilers\n    + S8162411: Service Menu services 2\n    + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh\n      failing after JDK-8155968\n    + S8162511: 8u111 L10n resource file updates\n    + S8162792: Remove constraint DSA keySize < 1024 from\n      jdk.jar.disabledAlgorithms in jdk8\n    + S8164452: 8u111 L10n resource file update - msgdrop 20\n    + S8165816: jarsigner -verify shows jar unsigned if it was\n      signed with a weak algorithm\n    + S8166381: Back out changes to the java.security file to not\n      disable MD5\n  * Backports\n    + S6604109, PR3162: \n      javax.print.PrintServiceLookup.lookupPrintServices fails\n      SOMETIMES for Cups\n    + S6907252, PR3162: ZipFileInputStream Not Thread-Safe\n    + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh\n      failed on 7u45 Embedded linux-ppc*\n    + S8028479, PR3162: runNameEquals still cannot precisely detect\n      if a usable native krb5 is available\n    + S8034057, PR3162: Files.getFileStore and Files.isWritable do\n      not work with SUBST'ed drives (win)\n    + S8038491, PR3162: Improve synchronization in ZipFile.read()\n    + S8038502, PR3162: Deflater.needsInput() should use\n      synchronization\n    + S8059411, PR3162: RowSetWarning does not correctly chain\n      warnings\n    + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column\n      range validation to isdefinitlyWritable\n    + S8066188, PR3162: BaseRowSet returns the wrong default value\n      for escape processing\n    + S8072466, PR3162: Deadlock when initializing MulticastSocket\n      and DatagramSocket\n    + S8075118, PR3162: JVM stuck in infinite loop during\n      verification\n    + S8076579, PR3162: Popping a stack frame after exception\n      breakpoint sets last method param to exception\n    + S8078495, PR3162: End time checking for native TGT is wrong\n    + S8078668, PR3162: jar usage string mentions unsupported\n      option '-n'\n    + S8080115, PR3162: (fs) Crash in libgio when calling\n      Files.probeContentType(path) from parallel threads\n    + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for\n      TimeZone parsing problem\n    + S8129957, PR3162: Deadlock in JNDI LDAP implementation when\n      closing the LDAP context\n    + S8130136, PR3162: Swing window sometimes fails to repaint\n      partially when it becomes exposed\n    + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails\n      when two successive stores in an iteration are determined to\n      be equal\n    + S8132551, PR3162: Initialize local variables before returning\n      them in p11_convert.c\n    + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails\n      after changes for JDK-8080115\n    + S8133666, PR3162: OperatingSystemMXBean reports abnormally\n      high machine CPU consumption on Linux\n    + S8135002, PR3162: Fix or remove broken links in\n      objectMonitor.cpp comments\n    + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate\n    + S8137230, PR3162: TEST_BUG:\n      java/nio/channels/FileChannel/LoopingTruncate.java timed out\n    + S8139373, PR3162: [TEST_BUG]\n      java/net/MulticastSocket/MultiDead.java failed with timeout\n    + S8140249, PR3162: JVM Crashing During startUp If Flight\n      Recording is enabled\n    + S8141491, PR3160, G592292: Unaligned memory access in Bits.c\n    + S8144483, PR3162: One long Safepoint pause directly after\n      each GC log rotation\n    + S8149611, PR3160, G592292: Add tests for\n      Unsafe.copySwapMemory\n  * Bug fixes\n    + S8078628, PR3151: Zero build fails with pre-compiled headers\n      disabled\n    + PR3128: pax-mark-vm script calls 'exit -1' which is invalid\n      in dash\n    + PR3131: PaX marking fails on filesystems which don't support\n      extended attributes\n    + PR3135: Makefile.am rule\n      stamps/add/tzdata-support-debug.stamp has a typo in\n      add-tzdata dependency\n    + PR3141: Pass $(CC) and $(CXX) to OpenJDK build\n    + PR3166: invalid zip timestamp handling leads to error\n      building bootstrap-javac\n    + PR3202: Update infinality configure test\n    + PR3212: Disable ARM32 JIT by default\n  * CACAO\n    + PR3136: CACAO is broken due to 2 new native methods in\n      sun.misc.Unsafe (from S8158260)\n* JamVM\n    + PR3134: JamVM is broken due to 2 new native methods in\n      sun.misc.Unsafe (from S8158260)\n* AArch64 port\n    + S8167200, PR3204: AArch64: Broken stack pointer adjustment\n      in interpreter\n    + S8168888: Port 8160591: Improve internal array handling to\n      AArch64.\n    + PR3211: AArch64 build fails with pre-compiled headers\n      disabled\n- Changed patch:\n  * java-1_7_0-openjdk-gcc6.patch\n    + Rediff to changed context\n\n- Disable arm32 JIT, since its build broken\n  (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942)\n\n","id":"SUSE-SU-2016:2953-1","modified":"2016-11-30T09:44:33Z","published":"2016-11-30T09:44:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162953-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005522"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005523"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005524"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005525"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005526"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005527"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005528"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5556"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5568"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5573"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5582"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5597"}],"related":["CVE-2016-5542","CVE-2016-5554","CVE-2016-5556","CVE-2016-5568","CVE-2016-5573","CVE-2016-5582","CVE-2016-5597"],"summary":"Security update for java-1_7_0-openjdk","upstream":["CVE-2016-5542","CVE-2016-5554","CVE-2016-5556","CVE-2016-5568","CVE-2016-5573","CVE-2016-5582","CVE-2016-5597"]}