{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 6","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.151-27.8.1","java-1_8_0-openjdk-demo":"1.8.0.151-27.8.1","java-1_8_0-openjdk-devel":"1.8.0.151-27.8.1","java-1_8_0-openjdk-headless":"1.8.0.151-27.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.151-27.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openjdk fixes the following issues:\n\n- Update to version jdk8u151 (icedtea 3.6.0)\n\nSecurity issues fixed:\n\n- CVE-2017-10274: Handle smartcard clean up better (bsc#1064071)\n- CVE-2017-10281: Better queuing priorities (bsc#1064072)\n- CVE-2017-10285: Unreferenced references (bsc#1064073)\n- CVE-2017-10295: Better URL connections (bsc#1064075)\n- CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086)\n- CVE-2017-10346: Better invokespecial checks (bsc#1064078)\n- CVE-2017-10350: Better Base Exceptions (bsc#1064082)\n- CVE-2017-10347: Better timezone processing (bsc#1064079)\n- CVE-2017-10349: Better X processing (bsc#1064081)\n- CVE-2017-10345: Better keystore handling (bsc#1064077)\n- CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080)\n- CVE-2017-10357: Process Proxy presentation (bsc#1064085)\n- CVE-2017-10355: More stable connection processing (bsc#1064083)\n- CVE-2017-10356: Update storage implementations (bsc#1064084)\n- CVE-2016-10165: Improve CMS header processing (bsc#1064069)\n- CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070)\n\nBug fixes:\n\n- Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs\n","id":"SUSE-SU-2017:2989-1","modified":"2017-11-10T12:10:06Z","published":"2017-11-10T12:10:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172989-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1032647"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052009"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064069"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064071"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064073"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064075"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064077"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064078"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064079"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064080"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064081"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064083"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064084"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064085"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064086"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9843"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10274"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10281"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10285"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10295"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10345"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10346"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10347"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10348"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10349"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10350"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10355"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10357"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10388"}],"related":["CVE-2016-10165","CVE-2016-9840","CVE-2016-9841","CVE-2016-9842","CVE-2016-9843","CVE-2017-10274","CVE-2017-10281","CVE-2017-10285","CVE-2017-10295","CVE-2017-10345","CVE-2017-10346","CVE-2017-10347","CVE-2017-10348","CVE-2017-10349","CVE-2017-10350","CVE-2017-10355","CVE-2017-10356","CVE-2017-10357","CVE-2017-10388"],"summary":"Security update for java-1_8_0-openjdk","upstream":["CVE-2016-10165","CVE-2016-9840","CVE-2016-9841","CVE-2016-9842","CVE-2016-9843","CVE-2017-10274","CVE-2017-10281","CVE-2017-10285","CVE-2017-10295","CVE-2017-10345","CVE-2017-10346","CVE-2017-10347","CVE-2017-10348","CVE-2017-10349","CVE-2017-10350","CVE-2017-10355","CVE-2017-10356","CVE-2017-10357","CVE-2017-10388"]}