Beschreibung: | Summary: The remote host is missing an update for the 'java-1_7_0-openjdk' package(s) announced via the referenced advisory.
Vulnerability Insight: OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues and bugs.
* Security:
- S8015256: Better class accessibility
- S8022783, CVE-2014-6504: Optimize C2 optimizations
- S8035162: Service printing service
- S8035781: Improve equality for annotations
- S8036805: Correct linker method lookup.
- S8036810: Correct linker field lookup
- S8036936: Use local locales
- S8037066, CVE-2014-6457: Secure transport layer
- S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
- S8038364: Use certificate exceptions correctly
- S8038899: Safer safepoints
- S8038903: More native monitor monitoring
- S8038908: Make Signature more robust
- S8038913: Bolster XML support
- S8039509, CVE-2014-6512: Wrap sockets more thoroughly
- S8039533, CVE-2014-6517: Higher resolution resolvers
- S8041540, CVE-2014-6511: Better use of pages in font processing
- S8041529: Better parameterization of parameter lists
- S8041545: Better validation of generated rasters
- S8041564, CVE-2014-6506: Improved management of logger resources
- S8041717, CVE-2014-6519: Issue with class file parser
- S8042609, CVE-2014-6513: Limit splashiness of splash images
- S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
- S8044274, CVE-2014-6531: Proper property processing
* Backports:
- S4963723: Implement SHA-224
- S7044060: Need to support NSA Suite B Cryptography algorithms
- S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
- S7160837: DigestOutputStream does not turn off digest calculation when 'close()' is called
- S8006935: Need to take care of long secret keys in HMAC/PRF computation
- S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
- S8028192: Use of PKCS11-NSS provider in FIPS mode broken
- S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
- S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream
- S8042603:'SafepointPollOffset' was not declared in static member function 'static bool Arguments::check_vm_args_consistency()'
- S8042850: Extra unused entries in ICU ScriptCodes enum
- S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01
- S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect()
- S8055176: 7u71 l10n resource file translation update
* Bugfixes:
- PR1988: C++ Interpreter should no longer be used on ppc64
- PR1989: Make jdk_generic_profile.sh handle missing programs better and be mo ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: java-1_7_0-openjdk on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|