{"id":"SUSE-SU-2016:0959-1","summary":"Security update for java-1_7_0-openjdk","details":"\nThe OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues:\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n* Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n* Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX\n remote connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n* Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves\n when running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with\n GNOME Shell\n* Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n* CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n* AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions\n with int shifts \u003e=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased\n locking implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by\n CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking\n if ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with\n load acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch\n profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions in javac\n* PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable\n kill register R12\n\nUpdate to 2.6.5 - OpenJDK 7u99 (bsc#972468)\n* Security fixes\n - S8152335, CVE-2016-0636: Improve MethodHandle consistency\n* Import of OpenJDK 7 u99 build 0\n - S6425769, PR2858: Allow specifying an address to bind JMX\n remote connector\n - S6961123: setWMClass fails to null-terminate WM_CLASS string\n - S8145982, PR2858: JMXInterfaceBindingTest is failing\n intermittently\n - S8146015, PR2858: JMXInterfaceBindingTest is failing\n intermittently for IPv6 addresses\n* Backports\n - S8028727, PR2814: [parfait] warnings from b116 for\n jdk.src.share.native.sun.security.ec: JNI pending exceptions\n - S8048512, PR2814: Uninitialised memory in\n jdk/src/share/native/sun/security/ec/ECC_JNI.cpp\n - S8071705. PR2819, RH1182694: Java application menu misbehaves\n when running multiple screen stacked vertically\n - S8150954, PR2866, RH1176206: AWT Robot not compatible with\n GNOME Shell\n* Bug fixes\n - PR2803: Make system CUPS optional\n - PR2886: Location of 'stap' executable is hard-coded\n - PR2893: test/tapset/jstaptest.pl should be executable\n - PR2894: Add missing test directory in make check.\n* CACAO\n - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays:\n Assertion `dest && result && x.any && y.any' failed\n* AArch64 port\n - PR2852: Add support for large code cache\n - PR2852: Apply ReservedCodeCacheSize default limiting to\n AArch64 only.\n - S8081289, PR2852: aarch64: add support for\n RewriteFrequentPairs in interpreter\n - S8131483, PR2852: aarch64: illegal stlxr instructions\n - S8133352, PR2852: aarch64: generates constrained unpredictable\n instructions\n - S8133842, PR2852: aarch64: C2 generates illegal instructions\n with int shifts \u003e=32\n - S8134322, PR2852: AArch64: Fix several errors in C2 biased\n locking implementation\n - S8136615, PR2852: aarch64: elide DecodeN when followed by\n CmpP 0\n - S8138575, PR2852: Improve generated code for profile counters\n - S8138641, PR2852: Disable C2 peephole by default for aarch64\n - S8138966, PR2852: Intermittent SEGV running ParallelGC\n - S8143067, PR2852: aarch64: guarantee failure in javac\n - S8143285, PR2852: aarch64: Missing load acquire when checking\n if ConstantPoolCacheEntry is resolved\n - S8143584, PR2852: Load constant pool tag and class status with\n load acquire\n - S8144201, PR2852: aarch64:\n jdk/test/com/sun/net/httpserver/Test6a.java fails with\n --enable-unlimited-crypto\n - S8144582, PR2852: AArch64 does not generate correct branch\n profile data\n - S8146709, PR2852: AArch64: Incorrect use of ADRP for\n byte_map_base\n - S8147805, PR2852: aarch64: C1 segmentation fault due to inline\n Unsafe.getAndSetObject\n - S8148240, PR2852: aarch64: random infrequent null pointer\n exceptions in javac\n* PPC & AIX port\n - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in\n os_aix.cpp after 8028280\n - S8139258, PR2851: PPC64LE: argument passing problem when\n passing 15 floats in native call\n - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable\n kill register R12\n","modified":"2026-02-04T04:26:40.621694Z","published":"2016-04-05T12:38:37Z","related":["CVE-2016-0636"],"upstream":["CVE-2016-0636"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160959-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/972468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0636"}],"affected":[{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Desktop 12","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}},{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}},{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Server 12","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-demo":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1","java-1_7_0-openjdk-devel":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}},{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-demo":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1","java-1_7_0-openjdk-devel":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}},{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-demo":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1","java-1_7_0-openjdk-devel":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}},{"package":{"name":"java-1_7_0-openjdk","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0.99-27.1"}]}],"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk":"1.7.0.99-27.1","java-1_7_0-openjdk-demo":"1.7.0.99-27.1","java-1_7_0-openjdk-headless":"1.7.0.99-27.1","java-1_7_0-openjdk-devel":"1.7.0.99-27.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0959-1.json"}}],"schema_version":"1.7.3"}