You are here
Home > Preporuke > Ranjivosti programskog paketa java-1_7_0-ibm

Ranjivosti programskog paketa java-1_7_0-ibm

SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0343-1
Rating: important
References: #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

java-1_7_0-ibm was updated to fix two security issues:

* CVE-2014-8891: Unspecified vulnerability
* CVE-2014-8892: Unspecified vulnerability

Security Issues:

* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11 SP3:

zypper in -t patch sdksp3-java-1_6_0-ibm=10299 sdksp3-java-1_7_0-ibm=10300

– SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-java-1_6_0-ibm=10299 slessp3-java-1_7_0-ibm=10300

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-java-1_6_0-ibm=10299 slessp3-java-1_7_0-ibm=10300

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64):

java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.1
java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.1

– SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

java-1_6_0-ibm-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

java-1_6_0-ibm-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1
java-1_7_0-ibm-1.7.0_sr8.10-0.6.1
java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.1
java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.1
java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.1

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586):

java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.1

– SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64):

java-1_6_0-ibm-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1
java-1_7_0-ibm-1.7.0_sr8.10-0.6.1
java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.1

– SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):

java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1
java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.1
java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.1

– SUSE Linux Enterprise Server 11 SP3 (i586):

java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.1

References:

http://support.novell.com/security/cve/CVE-2014-8891.html
http://support.novell.com/security/cve/CVE-2014-8892.html
https://bugzilla.suse.com/916265
https://bugzilla.suse.com/916266
http://download.suse.com/patch/finder/?keywords=d0fabcb64d4c31a5f5c8a2085498a9f2
http://download.suse.com/patch/finder/?keywords=dd24d5afde779e1651d8cfeb6cdfc2bc


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0344-1
Rating: important
References: #891701 #901223 #901239 #904889 #916265 #916266

Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has four
fixes is now available.

Description:

java-1_7_0-ibm was updated to version 1.7.0_sr7.3 to fix 37 security
issues:

* CVE-2014-8891: Unspecified vulnerability (bnc#916266)
* CVE-2014-8892: Unspecified vulnerability (bnc#916265)
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary
code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
1.0.1i and other products, uses nondeterministic CBC padding, which
makes it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the “POODLE” issue
(bnc#901223).
* CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers
to affect confidentiality, integrity, and availability via vectors
related to AWT (bnc#901239).
* CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and
8u20 allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors (bnc#901239).
* CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6503 (bnc#901239).
* CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6493,
CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Firefox, allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Deployment (bnc#901239).
* CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#901239).
* CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Internet Explorer, allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment (bnc#901239).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries (bnc#901239).
* CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and
8u20 allows remote attackers to affect integrity via unknown vectors
related to Deployment, a different vulnerability than CVE-2014-6527
(bnc#901239).
* CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allows remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#901239).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20 allows remote attackers to affect
confidentiality via unknown vectors related to 2D (bnc#901239).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
R28.3.3 allows remote attackers to affect integrity via unknown
vectors related to Libraries (bnc#901239).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
and R28.3.3 allows remote attackers to affect confidentiality and
integrity via vectors related to JSSE (bnc#901239).
* CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and
8u20 allows remote attackers to affect integrity via unknown vectors
related to Deployment, a different vulnerability than CVE-2014-6476
(bnc#901239).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
attackers to affect integrity via unknown vectors related to
Libraries (bnc#901239).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
JRockit R28.3.3 allows remote attackers to affect integrity via
unknown vectors related to Security (bnc#901239).
* CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#891701).
* CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries (bnc#891701).
* CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot
(bnc#891701).
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality and integrity via vectors related to JMX
(bnc#891701).
* CVE-2014-4220: Unspecified vulnerability in Oracle Java SE 7u60 and
8u5 allows remote attackers to affect integrity via unknown vectors
related to Deployment, a different vulnerability than CVE-2014-4208
(bnc#891701).
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality via unknown vectors related to Swing (bnc#891701).
* CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect integrity via
unknown vectors related to Libraries (bnc#891701).
* CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allows remote attackers to affect
confidentiality via unknown vectors related to Security (bnc#891701).
* CVE-2014-4266: Unspecified vulnerability in Oracle Java SE 7u60 and
8u5 allows remote attackers to affect integrity via unknown vectors
related to Serviceability (bnc#891701).
* CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allows remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#891701).
* CVE-2014-4221: Unspecified vulnerability in Oracle Java SE 7u60 and
8u5 allows remote attackers to affect confidentiality via unknown
vectors related to Libraries (bnc#891701).
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote
attackers to affect confidentiality and integrity via unknown
vectors related to “Diffie-Hellman key agreement (bnc#891701).
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Security (bnc#891701).
* CVE-2014-4208: Unspecified vulnerability in the Java SE component in
Oracle Java SE 7u60 and 8u5 allows remote attackers to affect
integrity via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4220 (bnc#891701).

Security Issues:

* CVE-2014-8892
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
* CVE-2014-8891
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11 SP2 LTSS:

zypper in -t patch slessp2-java-1_7_0-ibm=10324

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):

java-1_7_0-ibm-1.7.0_sr8.10-0.6.4
java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.4
java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.4
java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.4
java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.4

– SUSE Linux Enterprise Server 11 SP2 LTSS (s390x):

java-1_7_0-ibm-1.7.0_sr8.10-0.6.5
java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.5
java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.5

References:

http://support.novell.com/security/cve/CVE-2014-8891.html
http://support.novell.com/security/cve/CVE-2014-8892.html
https://bugzilla.suse.com/891701
https://bugzilla.suse.com/901223
https://bugzilla.suse.com/901239
https://bugzilla.suse.com/904889
https://bugzilla.suse.com/916265
https://bugzilla.suse.com/916266
http://download.suse.com/patch/finder/?keywords=89dfde7681a3e8ac7832df50d44019ed


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Ranjivosti programskog paketa ntp

Izdane su zakpre za otlanjanje pet ranjivosti kod programskog paketa ntp za HP-UX Ranjivosti su posljedica generiranja slabih autentikacijskih i...

Close