Bug 901242

Summary: VUL-0: java-openjdk: Oracle Oct 2014 patchday - java-openjdk tracker bug
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Fridrich Strba <fstrba>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: fstrba, jsegitz, security-team, vpereira
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:sle11-sp3:59483 maint:running:60610:important
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Deadline: 2014-11-06

Description Sebastian Krahmer 2014-10-15 07:47:25 UTC
+++ This bug was initially created as a clone of Bug #901239 +++

Please refer to:

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

'Appendix - Oracle Java SE'
Comment 1 Sebastian Krahmer 2014-10-15 07:48:41 UTC
These are the CVEs that were fixed by Oracle initially. Maybe
we need to sort out if all of them apply to openjdk:

CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6468
CVE-2014-6476
CVE-2014-6485
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-6562
Comment 5 Bernhard Wiedemann 2014-10-16 09:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (901242) was mentioned in
https://build.opensuse.org/request/show/256840 Factory / java-1_7_0-openjdk
Comment 10 Swamp Workflow Management 2014-10-20 22:00:14 UTC
bugbot adjusting priority
Comment 11 Swamp Workflow Management 2014-10-23 12:16:27 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-11-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59482
Comment 12 Swamp Workflow Management 2014-11-11 18:04:52 UTC
SUSE-SU-2014:1392-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 901242
CVE References: CVE-2014-4288,CVE-2014-6456,CVE-2014-6457,CVE-2014-6458,CVE-2014-6466,CVE-2014-6468,CVE-2014-6476,CVE-2014-6485,CVE-2014-6492,CVE-2014-6493,CVE-2014-6502,CVE-2014-6503,CVE-2014-6504,CVE-2014-6506,CVE-2014-6511,CVE-2014-6512,CVE-2014-6513,CVE-2014-6515,CVE-2014-6517,CVE-2014-6519,CVE-2014-6527,CVE-2014-6531,CVE-2014-6532,CVE-2014-6558,CVE-2014-6562
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src):    java-1_7_0-openjdk-1.7.0.71-0.7.1
Comment 14 Swamp Workflow Management 2014-11-13 16:04:55 UTC
SUSE-SU-2014:1422-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 901242
CVE References: CVE-2014-6457,CVE-2014-6502,CVE-2014-6504,CVE-2014-6506,CVE-2014-6511,CVE-2014-6512,CVE-2014-6513,CVE-2014-6517,CVE-2014-6519,CVE-2014-6531,CVE-2014-6558
Sources used:
SUSE Linux Enterprise Server 12 (src):    java-1_7_0-openjdk-1.7.0.71-6.2
SUSE Linux Enterprise Desktop 12 (src):    java-1_7_0-openjdk-1.7.0.71-6.2
Comment 15 Fridrich Strba 2014-11-30 19:50:55 UTC
I don't see why openjdk related stuff should be blocking in -sun and -ibm javas.
Versions of java-1_7_0-openjdk in openSUSE 13.2 and Factory, as well as in SLE11 and SLE12 contain these fixes, closing.