Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in java-1_6_0-ibm
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in java-1_6_0-ibm
ID: SUSE-SU-2015:0392-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Server 11 SP1 LTSS, SUSE Linux Enterprise Server 11 SP2 LTSS
Datum: Sa, 28. Februar 2015, 10:40
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892
Applikationen: IBM JDK for Linux

Originalnachricht

 
   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0392-1
Rating:             important
References:         #592934 #891700 #901223 #904889 #916265 #916266 
                    
Cross-References:   CVE-2014-8891 CVE-2014-8892
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has four
   fixes is now available.

Description:


   java-1_6_0-ibm has been updated to version 1.6.0_sr16.3 to fix 30 security
   issues:

       * CVE-2014-8891: Unspecified vulnerability (bnc#916266)
       * CVE-2014-8892: Unspecified vulnerability (bnc#916265)
       * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
         Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
         6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
         before SR16 FP8 (5.0.16.8) allowed local users to execute arbitrary
         code via vectors related to the shared classes cache (bnc#904889).
       * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
         1.0.1i and other products, used nondeterministic CBC padding, which
         made it easier for man-in-the-middle attackers to obtain cleartext
         data via a padding-oracle attack, aka the "POODLE" issue
         (bnc#901223).
       * CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers
         to affect confidentiality, integrity, and availability via vectors
         related to AWT (bnc#904889).
       * CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment, a different vulnerability than CVE-2014-4288,
         CVE-2014-6493, and CVE-2014-6532 (bnc#904889).
       * CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment, a different vulnerability than CVE-2014-4288,
         CVE-2014-6493, and CVE-2014-6503 (bnc#904889).
       * CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment, a different vulnerability than CVE-2014-6493,
         CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
       * CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment, a different vulnerability than CVE-2014-4288,
         CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
       * CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20, when running on Firefox, allowed remote attackers to
         affect confidentiality, integrity, and availability via unknown
         vectors related to Deployment (bnc#904889).
       * CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed local users to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment (bnc#904889).
       * CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20, when running on Internet Explorer, allowed local
         users to affect confidentiality, integrity, and availability via
         unknown vectors related to Deployment (bnc#904889).
       * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
         attackers to affect confidentiality, integrity, and availability via
         unknown vectors related to Libraries (bnc#904889).
       * CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
         7u67, and 8u20 allowed remote attackers to affect integrity via
         unknown vectors related to Deployment (bnc#904889).
       * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20 allowed remote attackers to affect
         confidentiality via unknown vectors related to 2D (bnc#904889).
       * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
         attackers to affect confidentiality via unknown vectors related to
         Libraries (bnc#904889).
       * CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
         R28.3.3 allowed remote attackers to affect integrity via unknown
         vectors related to Libraries (bnc#904889).
       * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
         and R28.3.3 allowed remote attackers to affect confidentiality and
         integrity via vectors related to JSSE (bnc#904889).
       * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
         attackers to affect integrity via unknown vectors related to
         Libraries (bnc#904889).
       * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
         JRockit R28.3.3 allowed remote attackers to affect integrity via
         unknown vectors related to Security (bnc#904889).
       * CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75,
         7u60, and 8u5 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to
         Deployment (bnc#891700).
       * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allowed remote attackers to affect
         confidentiality, integrity, and availability via unknown vectors
         related to Libraries (bnc#891700).
       * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
         7u60, and 8u5 allowed remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to Hotspot
         (bnc#891700).
       * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allowed remote attackers to affect
         confidentiality and integrity via vectors related to JMX
         (bnc#891700).
       * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allowed remote attackers to affect
         confidentiality via unknown vectors related to Swing (bnc#891700).
       * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via
         unknown vectors related to Libraries (bnc#891700).
       * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allowed remote attackers to affect
         confidentiality via unknown vectors related to Security (bnc#891700).
       * CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75,
         7u60, and 8u5 allowed remote attackers to affect integrity via
         unknown vectors related to Deployment (bnc#891700).
       * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allowed remote
         attackers to affect confidentiality and integrity via unknown
         vectors related to "Diffie-Hellman key agreement (bnc#891700).
       * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2,
         allowed remote attackers to affect confidentiality and integrity via
         unknown vectors related to Security (bnc#891700).

   This non-security bug has also been fixed:

       * Fix update-alternatives list (bnc#592934)

   Security Issues:

       * CVE-2014-8892
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892>
       * CVE-2014-8891
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-java-1_6_0-ibm=10353

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-java-1_6_0-ibm=10354

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
      java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.5
      java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
      java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
      java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
      java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5


References:

   http://support.novell.com/security/cve/CVE-2014-8891.html
   http://support.novell.com/security/cve/CVE-2014-8892.html
   https://bugzilla.suse.com/592934
   https://bugzilla.suse.com/891700
   https://bugzilla.suse.com/901223
   https://bugzilla.suse.com/904889
   https://bugzilla.suse.com/916265
   https://bugzilla.suse.com/916266
   ?keywords=96da2c614827c23087d5b86b253f5d98
   ?keywords=cfef74a50dd3fd4a378c3d05db361851

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung