Security update for java-1_7_0-openjdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2052-1 Final 1 1 2016-08-11T17:13:26Z current 2016-08-11T17:13:26Z 2016-08-11T17:13:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) * Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. * Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted * Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape * Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't * AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html E-Mail link for openSUSE-SU-2016:2052-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 java-1_7_0-openjdk-1.7.0.111-34.1 java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 java-1_7_0-openjdk-demo-1.7.0.111-34.1 java-1_7_0-openjdk-devel-1.7.0.111-34.1 java-1_7_0-openjdk-headless-1.7.0.111-34.1 java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 java-1_7_0-openjdk-src-1.7.0.111-34.1 java-1_7_0-openjdk-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-demo-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-devel-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-headless-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-src-1.7.0.111-34.1 as a component of openSUSE Leap 42.1 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. CVE-2016-3458 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3458.html CVE-2016-3458 https://bugzilla.suse.com/989732 SUSE Bug 989732 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. CVE-2016-3485 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 low 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3485.html CVE-2016-3485 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989734 SUSE Bug 989734 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. CVE-2016-3498 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3498.html CVE-2016-3498 https://bugzilla.suse.com/989729 SUSE Bug 989729 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3500.html CVE-2016-3500 https://bugzilla.suse.com/989730 SUSE Bug 989730 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. CVE-2016-3503 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3503.html CVE-2016-3503 https://bugzilla.suse.com/989728 SUSE Bug 989728 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. CVE-2016-3508 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3508.html CVE-2016-3508 https://bugzilla.suse.com/989731 SUSE Bug 989731 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. CVE-2016-3511 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3511.html CVE-2016-3511 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989727 SUSE Bug 989727 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. CVE-2016-3550 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3550.html CVE-2016-3550 https://bugzilla.suse.com/989733 SUSE Bug 989733 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. CVE-2016-3598 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3598.html CVE-2016-3598 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989723 SUSE Bug 989723 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. CVE-2016-3606 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3606.html CVE-2016-3606 https://bugzilla.suse.com/989722 SUSE Bug 989722 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. CVE-2016-3610 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.111-34.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.111-34.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html https://www.suse.com/security/cve/CVE-2016-3610.html CVE-2016-3610 https://bugzilla.suse.com/989725 SUSE Bug 989725