{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-demo":"1.7.0.171-43.12.1","java-1_7_0-openjdk-devel":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-demo":"1.7.0.171-43.12.1","java-1_7_0-openjdk-devel":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-demo":"1.7.0.171-43.12.1","java-1_7_0-openjdk-devel":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-demo":"1.7.0.171-43.12.1","java-1_7_0-openjdk-devel":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.171-43.12.1","java-1_7_0-openjdk-demo":"1.7.0.171-43.12.1","java-1_7_0-openjdk-devel":"1.7.0.171-43.12.1","java-1_7_0-openjdk-headless":"1.7.0.171-43.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"java-1_7_0-openjdk","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.0.171-43.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_7_0-openjdk fixes the following issues:\n\nSecurity issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366):\n\n- CVE-2018-2579: Improve key keying case\n- CVE-2018-2588: Improve LDAP logins\n- CVE-2018-2599: Improve reliability of DNS lookups\n- CVE-2018-2602: Improve usage messages\n- CVE-2018-2603: Improve PKCS usage\n- CVE-2018-2618: Stricter key generation\n- CVE-2018-2629: Improve GSS handling\n- CVE-2018-2633: Improve LDAP lookup robustness\n- CVE-2018-2634: Improve property negotiations\n- CVE-2018-2637: Improve JMX supportive features\n- CVE-2018-2641: Improve GTK initialization\n- CVE-2018-2663: More refactoring for deserialization cases\n- CVE-2018-2677: More refactoring for client deserialization cases\n- CVE-2018-2678: More refactoring for naming\n","id":"SUSE-SU-2018:0661-1","modified":"2018-03-12T12:17:09Z","published":"2018-03-12T12:17:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180661-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1076366"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2579"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2602"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2629"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2633"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2634"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2637"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2641"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2663"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-2678"}],"related":["CVE-2018-2579","CVE-2018-2588","CVE-2018-2599","CVE-2018-2602","CVE-2018-2603","CVE-2018-2618","CVE-2018-2629","CVE-2018-2633","CVE-2018-2634","CVE-2018-2637","CVE-2018-2641","CVE-2018-2663","CVE-2018-2677","CVE-2018-2678"],"summary":"Security update for java-1_7_0-openjdk","upstream":["CVE-2018-2579","CVE-2018-2588","CVE-2018-2599","CVE-2018-2602","CVE-2018-2603","CVE-2018-2618","CVE-2018-2629","CVE-2018-2633","CVE-2018-2634","CVE-2018-2637","CVE-2018-2641","CVE-2018-2663","CVE-2018-2677","CVE-2018-2678"]}